Date: Wed, 21 May 2003 00:08:13 +0200
From: Saulius Menkevičius <razzmatazz@mail.lt>
To: <freebsd-stable@freebsd.org>
Subject: Re: lots of sockets in TIME_WAIT
Message-ID: <E19IFEH-0000Hg-64@midway.tamsa>
In-Reply-To: <20030520131538.M9634@carver.gumbysoft.com>

Once Doug White wrote:
>On Tue, 20 May 2003, Saulius Menkevičius wrote:
>
>>I have some DDOS(?) attack on my router going where my apache HTTP
>>server is flooded with short-timed connections from some host. This
>>results in LOTS of sockets in TIME_WAIT/LAST_ACK/CLOSING states and
>>eventually I'm out of mbufs, which, consequently means I can't even
>>connect to the router from LAN. The kern.ipc.nmbclusters is 2560,
>>(I guess high enough for router with DSL connection).
>
>TIME_WAIT is normal for a server. LAST_ACK/CLOSING looks like packet
>loss. Is your outbound link overloaded normally, or from the DoS?
>
>Can you block the host? :)
>
>> After some time all mbufs are depleted (system says "All mbuf
>>cluster exhausted"). However, unexpectedly the system panics
>>shortly in about 10 minutes (+/-) with:
>
>Then increase the mbufs & clusters. Did you read the tuning man page?

Ahem, I did increase mbufs, according to man page. But I wonder why
it panics. It shouldn't panic when there are no mbufs free, or should
it?

--
Saulius Menkevičius, razzmatazz@mail.lt
on 05.21.2003
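
Added example, not part of the original e-mail or of FreeBSD: a way to find which remote host holds the sockets in TIME_WAIT/LAST_ACK/CLOSING discussed above, so it can be blocked. It assumes the column layout of `netstat -an -p tcp` on FreeBSD; the sample output, addresses and function names are constructed for illustration.

```python
from collections import Counter, defaultdict

# Constructed sample in the column layout of FreeBSD `netstat -an -p tcp`
# (address and port joined by a dot); all addresses are documentation ranges.
SAMPLE = """\
Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp4       0      0  192.0.2.1.80           203.0.113.7.51234      TIME_WAIT
tcp4       0      0  192.0.2.1.80           203.0.113.7.51235      TIME_WAIT
tcp4       0      0  192.0.2.1.80           203.0.113.7.51236      TIME_WAIT
tcp4       0      0  192.0.2.1.80           203.0.113.7.51237      LAST_ACK
tcp4       0      0  192.0.2.1.80           203.0.113.7.51238      LAST_ACK
tcp4       0      0  192.0.2.1.80           203.0.113.7.51239      CLOSING
tcp4       0      0  192.0.2.1.80           198.51.100.20.40112    ESTABLISHED
tcp4       0      0  192.0.2.1.80           198.51.100.20.40110    TIME_WAIT
tcp4       0      0  192.0.2.1.22           192.0.2.50.3021        ESTABLISHED
tcp4       0      0  *.80                   *.*                    LISTEN
"""

TEARDOWN_STATES = ("TIME_WAIT", "LAST_ACK", "CLOSING")

def split_host_port(addr):
    """Split 'a.b.c.d.port' (or '*.port') at the last dot."""
    host, _, port = addr.rpartition(".")
    return host, port

def tally_states(netstat_text, local_port="80"):
    """Return {remote_host: Counter(state -> count)} for one local port."""
    per_host = defaultdict(Counter)
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) != 6 or not fields[0].startswith("tcp"):
            continue  # banner, column header, or unexpected layout
        local, foreign, state = fields[3], fields[4], fields[5]
        host = split_host_port(foreign)[0]
        if split_host_port(local)[1] != local_port or host == "*":
            continue  # other service, or a listening socket
        per_host[host][state] += 1
    return per_host

def top_talkers(per_host, states=TEARDOWN_STATES, limit=5):
    """Rank remote hosts by how many sockets they hold in teardown states."""
    totals = {h: sum(c[s] for s in states) for h, c in per_host.items()}
    ranked = sorted(totals.items(), key=lambda kv: (-kv[1], kv[0]))
    return [(h, n) for h, n in ranked if n > 0][:limit]

if __name__ == "__main__":
    hosts = tally_states(SAMPLE)
    for host, n in top_talkers(hosts):
        print(f"{host:<16} {n:>5}  {dict(hosts[host])}")
```

The per-host breakdown keeps TIME_WAIT separate from LAST_ACK and CLOSING, so the two cases raised in the reply can be read apart for each source address.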