Date: Mon, 20 Sep 1999 13:20:25 -0300 From: "Joao Carlos" <jcarlos@bahianet.com.br> To: "Dag-Erling Smorgrav" <des@flood.ping.uio.no> Cc: <stable@FreeBSD.ORG>, <questions@FreeBSD.ORG>, <security@FreeBSD.ORG>, <jkh@FreeBSD.ORG> Subject: Re: Out of mbuf clusters Message-ID: <006301bf0384$0c30e2c0$0400a8c0@bahianet.com.br> References: <000501bf030a$ac70e7a0$fa58dfc8@bahianet.com.br> <xzpso49r4hl.fsf@flood.ping.uio.no>
next in thread | previous in thread | raw e-mail | index | archive | help
I think that's why so many people does not uses FreeBSD. A question
about it causes so many laughes? So, how can a newbie encouraje himself to
use FreeBSD? And the answer is simple, if you don't know, do not use. It's
wonderful. I'll continue using FreeBSD, of course, i know how good it is.
But i didn't use to understand why so many people from the Linux community
says that nobody helps FreeBSD users. Of course i'm not talking about
everyone. There are users (and core programmers), that are open to help. But
with an answer like this, we have to options. De-install FreeBSD when i
can't use something or simply do not try to use that.
If you all thinks that this kind of crash is good, because it was
genereated by a clone flood, OK, so many people will continue using another
operating system or having many crashes because they want to run a IRC
Server. As I said, not everyone is like this, but you that thinks this kind
of questions as idiots, could simply do not answer and delete it from your
mail client.
No more,
Joao Carlos
jcarlos@bahianet.com.br
----- Original Message -----
From: Dag-Erling Smorgrav <des@flood.ping.uio.no>
To: Joao Carlos <jcarlos@bahianet.com.br>
Cc: <stable@FreeBSD.ORG>; <questions@FreeBSD.ORG>; <security@FreeBSD.ORG>;
<hitech@bahianet.com.br>
Sent: Monday, September 20, 1999 12:23 PM
Subject: Re: Out of mbuf clusters
> "Joao Carlos" <jcarlos@bahianet.com.br> writes:
> > I'm running FreeBSD 3.3-STABLE, and compiled a kernel with 64 maxusers.
It
> > gives me somethink like 1048 processes. I don't know if it's a bug, or
> > whatever, but i got crazy when i tested a program called CLONE on a IRC
> > Server running i this machine.
> > Before arriving 1024 connections on te IRCD, (NOTE: nothing more like
httpd,
> > squid, etc were running), The machine crashed, with the following
message:
>
> I'll bet your CLONE thingy wasn't properly written, and doesn't
> actually consume the data sent by the server, causing the server to
> fill up mbufs. Currently, FreeBSD panics when it runs out of mbufs.
>
> 1) use ircd connection classes to prevent clients from opening more
> than a small number of connections, and to limit the size of the
> send queue. If you don't know what that means, don't run an IRC
> server.
>
> 2) increase the number of mbuf clusters. If you don't know how to do
> this, don't run an IRC server.
>
> 3) set up a heavy firewall in front of your server (preferably on
> your border router) which protects your server from SYN floods,
> UDP floods, smurfing fingerprinting, etc. If you don't know how to
> do this, don't run an IRC server.
>
> 4) harden your TCP/IP stack to withstand SYN floods, UDP floods,
> smurfing, fingerprinting, etc. Run a recent 4.0, or 3.3-R with my
> hardening patches, and understand what those patches do and how to
> use them. If you don't know how to do this, don't run an IRC
> server.
>
> 5) lock your machine down tight, including disabling all services
> except ircd and ssh and configuring sshd to only accept
> connections from trusted hosts and require RSA authentication (no
> rhosts, no password authentication). If you don't know how to do
> this, don't run an IRC server.
>
> 6) if you need a flooder, try my joiner.pl. Read the source and
> understand how it works and how to tune it before using it. Know
> that it can (and will) crash your server if you didn't do 1) and
> 2) properly. If you don't know how to do this, don't run an IRC
> server.
>
> DES
> --
> Dag-Erling Smorgrav - des@flood.ping.uio.no
>
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?006301bf0384$0c30e2c0$0400a8c0>