Date: Fri, 12 Apr 1996 22:45:44 +0200 (MET DST) From: J Wunsch <j@uriah.heep.sax.de> To: freebsd-current@FreeBSD.org (FreeBSD-current users) Subject: Re: log_in_vain stuff Message-ID: <199604122045.WAA11307@uriah.heep.sax.de> In-Reply-To: <9391.829083934@critter.tfs.com> from "Poul-Henning Kamp" at Apr 9, 96 09:05:34 pm
next in thread | previous in thread | raw e-mail | index | archive | help
As Poul-Henning Kamp wrote: > > You need to figure out a way to rate-limit these messages, otherwise you > > can trivially knock a box into the ground with a packet generator. > syslogd should rate-limit, not the kernel. It does, but you're sometimes overflowing the kernel message buffer (as it seems to me), before syslog can fetch them all: Apr 11 23:39:33 uriah /kernel: Connection attempt to UDP 127.0.0.1:32123 from 127.0.0.1:2079 Apr 11 23:39:33 uriah /kernel: n attempt to UDP 127.0.0.1:32123 from 127.0.0.1:2079 Apr 11 23:39:33 uriah /kernel: Connection attempt to UDP 127.0.0.1:32123 from 127.0.0.1:2079 Apr 11 23:39:33 uriah last message repeated 61 times Apr 11 23:39:33 uriah /kernel: n attempt to UDP 127.0.0.1:32123 from 127.0.0.1:2079 Apr 11 23:39:33 uriah /kernel: Connection attempt to UDP 127.0.0.1:32123 from 127.0.0.1:2079 Apr 11 23:39:33 uriah last message repeated 61 times Apr 11 23:39:33 uriah /kernel: n attempt to UDP 127.0.0.1:32123 from 127.0.0.1:2079 Apr 11 23:39:33 uriah /kernel: Connection attempt to UDP 127.0.0.1:32123 from 127.0.0.1:2079 Apr 11 23:39:33 uriah last message repeated 61 times Apr 11 23:39:33 uriah /kernel: n attempt to UDP 127.0.0.1:32123 from 127.0.0.1:2079 Apr 11 23:39:33 uriah /kernel: Connection attempt to UDP 127.0.0.1:32123 from 127.0.0.1:2079 Apr 11 23:39:35 uriah last message repeated 557 times This has been caused by a simple perl script that shot 1000 ``sendto''s to port 32123. You notice the crippled messages above, as well as the fact that only 750 attempts out of 1000 have been logged at all. -- cheers, J"org joerg_wunsch@uriah.heep.sax.de -- http://www.sax.de/~joerg/ -- NIC: JW11-RIPE Never trust an operating system you don't have sources for. ;-)
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199604122045.WAA11307>