Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 6 Dec 2000 15:20:40 +0800
From:      "James Lim" <jameslpin@pacific.net.sg>
To:        "Sebastiaan van Erk" <sebster@sebster.com>, <freebsd-security@FreeBSD.ORG>
Subject:   Re: rx list
Message-ID:  <002801c05f55$0a492ac0$fa5e78cb@gchang>
References:  <20001206081549.A49341@sebster.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
Hi there,

            You could try increasing the maxusers to 512 and later increase
your NMBCLUSTERS to prolly 50000. How much ram does your machine has as well
as the CPU speed?  Btw i was wondering whether the new accept filter helps
in DoS attacks.

options                ACCEPT_FILTER_DATA
options                ACCEPT_FILTER_HTTP

options         TCP_DROP_SYNFIN         #drop TCP packets with SYN+FIN
options         TCP_RESTRICT_RST        #restrict emission of TCP RST
options         ICMP_BANDLIM

to the newsgroup, correct me if I am wrong, thank you!


James Lim
Technical Support Executive

Pacific Internet Limited
89 Science Park Drive
#02-05/06 The Rutherford
Singapore 118261

Finger evilfry@sg.freebsd.org for PGP key.

----- Original Message -----
From: "Sebastiaan van Erk" <sebster@sebster.com>
To: <freebsd-security@FreeBSD.ORG>
Sent: Wednesday, December 06, 2000 3:15 PM
Subject: rx list


> Good morning everybody!!
>
> I have a question. Yesterday two production firewalls were (probably)
> attacked using a DoS attack.
>
> One of them is running 4.1.1-RELEASE, the other is running 3.4-STABLE.
>
> I get these kind of messages in the syslog of both machines.
>
> Dec  6 00:09:43 hobbes /kernel: Out of mbuf clusters - adjust NMBCLUSTERS
or inc
> rease maxusers!
> Dec  6 00:09:43 hobbes /kernel: xl2: no memory for rx list -- packet
dropped!
> Dec  6 00:09:43 hobbes /kernel: xl1: no memory for rx list -- packet
dropped!
>
> I checked on the net, but it seems to suggest that systems after 3.2 and
4.0
> should be safe. Also I don't see any patches.
>
> How likely is it that this is a DoS attack (note that we also get the
message
> on the internal interface!)? And how do I go about fixing it? (I can
increase
> maxusers and NMBCLUSTERS, but then how do I know it's not going to happen
> again?).
>
> Thanks in advance,
> Sebastiaan van Erk
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
>



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?002801c05f55$0a492ac0$fa5e78cb>