From owner-freebsd-security Wed Jan 24 11:31:10 2001
Delivered-To: freebsd-security@freebsd.org
Received: from mail.sonet.pt (mail.sonet.pt [195.8.11.18]) by hub.freebsd.org (Postfix) with SMTP id 80C4837B404 for ; Wed, 24 Jan 2001 11:30:50 -0800 (PST)
Received: (qmail 14611 invoked from network); 24 Jan 2001 19:29:09 -0000
Received: from unknown (HELO angelsp) (195.8.11.26) by 195.8.11.18 with SMTP; 24 Jan 2001 19:29:09 -0000
Message-ID: <030c01c0863c$0ae82680$1a0b08c3@sonet.pt>
From: "Jorge Filipe Andrade"
To: ,
References: <01012417332701.31962@localhost.localdomain>
Subject: Re: socket: No buffer space available
Date: Wed, 24 Jan 2001 19:30:00 -0000
Organization: SONET - Serviços Internet, Lda
MIME-Version: 1.0
Content-Type: text/plain; charset="Windows-1252"
Content-Transfer-Encoding: 8bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.00.2919.6600
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6600
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Hello.

I have this problem too, but it is in Squid Proxy Server...

In cache.log and in Microsoft Internet Explorer 5:

2001/01/24 19:04:24| comm_open: socket failure: (55) No buffer space available
2001/01/24 19:04:24| comm_open: socket failure: (55) No buffer space available

... and the Squid proxy server is not working correctly.

I am running the Squid proxy server on a Dual PIII 500 MHz with 384 RAM, FreeBSD 4.1.1-RELEASE and two network boards. I also have a Cidera Inc. Cache (SkyCache) installed.

Any questions?

--
Best Regards,
Jorge Filipe Andrade
SONET - Serviços Internet, Lda
http://www.sonet.pt

----- Original Message -----
From: "Mr. Blackman"
To:
Sent: Wednesday, January 24, 2001 2:32 PM
Subject: DoS: socket: No buffer space available

>
> Hello!
>
> Last days our server was DoSed (I'm sure).
> Ok, facts:
> The Problem:
> IP socket: No buffer space available
> UNIX Socket : No buffer space available
>
> Victim: FreeBSD 3.4
> Kernel compiled with these options:
> options ICMP_BANDLIM
> options TCP_DROP_SYNFIN
> options TCP_RESTRICT_RST
> options IPFIREWALL
> options IPFIREWALL_VERBOSE
> options IPFIREWALL_VERBOSE_LIMIT=10
>
> /etc/rc.conf:
> tcp_drop_synfin="YES"
> tcp_restrict_rst="YES"
> icmp_drop_redirect="YES"
> icmp_log_redirect="YES"
> firewall_enable="YES"
> firewall_script="/etc/rc.firewall"
> firewall_type="/etc/rc.firewall"
> firewall_quiet="NO"
>
> ### TCP STACK TUNING ###
> # TCP send/receive spaces
> sysctl -w net.inet.tcp.sendspace=32768
> sysctl -w net.inet.tcp.recvspace=32768
> # Socket queue defense against SYN attacks
> sysctl -w kern.ipc.somaxconn=1024 #!!!
> sysctl -w net.inet.icmp.drop_redirect=1
> sysctl -w net.inet.icmp.log_redirect=1
> sysctl -w net.inet.ip.redirect=0
> sysctl -w net.inet6.ip6.redirect=0
> sysctl -w net.link.ether.inet.max_age=1200
> sysctl -w net.inet.ip.sourceroute=0
> sysctl -w net.inet.ip.accept_sourceroute=0
> sysctl -w net.inet.icmp.bmcastecho=0
> sysctl -w net.inet.icmp.maskrepl=0
> ### END TCP STACK TUNING ###
>
> On this server all packets are filtered with IPFW and _all_, except 53 udp are in "deny".
>
> Yes, I know about "named DoS", but the server is completely down.
> And only a reboot solves the problem.
>
> Where is the problem, where is salvation?:)
>
> Thank you for attention.
>
> Mr. Blackman, Security Officer.
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
>

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
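
Added example (not part of either message and not Squid's own tooling): a small Python scan of Squid cache.log lines in the format quoted in the reply, reporting time windows in which the errno 55 "No buffer space available" failure repeats. The function names, the 60-second window, the threshold of 3 and every sample line after the first two are assumptions constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Format of the cache.log lines quoted in the reply, e.g.
# 2001/01/24 19:04:24| comm_open: socket failure: (55) No buffer space available
LINE_RE = re.compile(
    r"^(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2})\|\s*"
    r"comm_open: socket failure: \((\d+)\) (.*)$"
)
ENOBUFS = 55  # errno number shown in the quoted log lines
EPOCH = datetime(1970, 1, 1)

# Constructed sample: the first two lines match the reply, the rest are made up.
SAMPLE_LOG = """\
2001/01/24 19:04:24| comm_open: socket failure: (55) No buffer space available
2001/01/24 19:04:24| comm_open: socket failure: (55) No buffer space available
2001/01/24 19:04:31| comm_open: socket failure: (55) No buffer space available
2001/01/24 19:04:40| comm_open: socket failure: (24) Too many open files
2001/01/24 19:07:02| comm_open: socket failure: (55) No buffer space available
2001/01/24 19:07:03| an unrelated constructed log line
"""


def parse_failures(lines):
    """Yield (timestamp, errno, text) for every comm_open socket failure line."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m.group(1), "%Y/%m/%d %H:%M:%S")
            yield ts, int(m.group(2)), m.group(3)


def enobufs_bursts(lines, window_seconds=60, threshold=3):
    """Map window start -> count, for windows with >= threshold errno 55 failures."""
    buckets = Counter()
    for ts, err, _text in parse_failures(lines):
        if err != ENOBUFS:
            continue  # other socket errors (e.g. descriptor limits) are a different problem
        secs = int((ts - EPOCH).total_seconds())
        start = EPOCH + timedelta(seconds=secs - secs % window_seconds)
        buckets[start] += 1
    return {w: n for w, n in sorted(buckets.items()) if n >= threshold}


if __name__ == "__main__":
    for window, count in enobufs_bursts(SAMPLE_LOG.splitlines()).items():
        print(f"{window:%Y/%m/%d %H:%M:%S}  errno 55 x{count}")
```

Recording when the bursts start and how long they last gives a timeline that can be compared against firewall logs for the same period.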