Date:      Fri, 10 Jun 2005 19:34:17 +0200
From:      Max Laier <max@love2party.net>
To:        freebsd-pf@freebsd.org, Riccardo Giuntoli <taglio@gmail.com>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: very heavy load avarage
Message-ID:  <200506101934.24910.max@love2party.net>
In-Reply-To: <31fbaca905061009107e7df9cf@mail.gmail.com>
References:  <31fbaca905061009107e7df9cf@mail.gmail.com>


On Friday 10 June 2005 18:10, Riccardo Giuntoli wrote:
> Hi folks,
> I've got a server with FreeBSD 5.4-STABLE and pf with a gigabit
> ethernet interface directly on internet. Two C class are routed over
> it, and I sell shell account for irc processes. As you know on irc
> many times the server is under DDOS attack many time up to 100 mb/s.
> But with one gigabit connection the problem isn't the band of the
> attack, my server's cpu load average goes extremely high, you can
> verify here:
>
> http://www.6shells.net/graphs/graph_14.html
>
> What can I do to decrease it?

If I am reading the graph right, this is load (i.e. number of processes
able to run, but waiting for a CPU).  High values of that usually suggest
the problem is a local user fork-bombing your system or some other
daemon/service gone wild.  Try to cut down the number of processes a
(shell-)user may have via login.conf and see if that helps.  If it is not
one of the (ab)users, try to nail down the daemon that does it and figure
out why.

I don't think pf will be a lot of help against this type of attack - unless
this is your IRCd forking.  In that case you could try to limit the states
a single IP can create (see "max-src-states" in pf.conf) or rate-limit the
connections with CURRENT's "max-src-conn-rate".

-- 
/"\  Best regards,                      | mlaier@freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News
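
Added example (not part of the original message): the two mitigations named in the reply, written out as configuration fragments. The login class name "shell", the limit values, the interface name, the 192.0.2.10 address, port 6667 and the table name are all assumptions chosen for illustration.

```conf
# --- /etc/login.conf -------------------------------------------------
# Hypothetical login class for shell customers. maxproc caps the number
# of processes one user may own, so a fork bomb hits the limit instead
# of filling the run queue.
shell:\
	:maxproc=40:\
	:tc=default:

# After editing:   cap_mkdb /etc/login.conf
# Assign a user:   pw usermod <user> -L shell   (applies at next login)

# --- /etc/pf.conf ----------------------------------------------------
ext_if = "em0"            # assumed interface name
ircd   = "192.0.2.10"     # placeholder address (documentation range)

# Option 1: max-src-states. Each source address may hold at most
# 5 states created by this rule; further connections from it are dropped.
pass in on $ext_if proto tcp from any to $ircd port 6667 flags S/SA \
	keep state (source-track rule, max-src-states 5)

# Option 2: max-src-conn-rate (the message notes this is only in CURRENT).
# A source completing more than 10 connections in 30 seconds is added to
# <irc_abusers>, its existing states are flushed, and the block rule
# rejects it afterwards. Replace the pass rule above with these lines:
#
# table <irc_abusers> persist
# block in quick on $ext_if from <irc_abusers>
# pass in on $ext_if proto tcp from any to $ircd port 6667 flags S/SA \
#	keep state (max-src-conn-rate 10/30, overload <irc_abusers> flush)
```

The login.conf limit addresses the local fork-bomb case; the pf limits only matter if the process count is driven by inbound connections to the IRCd, as the reply notes.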
