very heavy load avarage

Max Laier max at love2party.net
Fri Jun 10 17:34:31 GMT 2005


On Friday 10 June 2005 18:10, Riccardo Giuntoli wrote:
> Hi folks,
> i've got a server with FreeBSD 5.4-STABLE and pf with a gigabit
> ethernet interface directly on internet. Two C class are routed over
> it, and i sell shell account for irc processes. As you know on irc
> many times the server is under DDOS attack many time up to 100 mb/s.
> But with one gigabit connection the problem isn't the band of the
> attack, my server's cpu load avarage goes extremly high, you can
> verify here:
>
> http://www.6shells.net/graphs/graph_14.html
>
> What can i do for decrease it?

If I am reading the graph right, this is load (i.e. number of processes able 
to run, but waiting for a CPU).  High values of that usually suggest the 
problem is a local user fork-bombing your system or some other daemon/service 
gone wild.  Try to cut down the number of processes a (shell-)user may have 
via login.conf and see if that helps.  If it is not on of the (ab)users, try 
to nail down the daemon that does it and figure out why.

I don't think pf will be a lot of help against this type of attack - unless 
this is your IRCd forking.  In that case you could try to limit the states a 
single IP can create (see "max-src-states" in pf.conf) or rate-limit the 
connections with CURRENT's "max-src-conn-rate".

-- 
/"\  Best regards,                      | mlaier at freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier at EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20050610/9d5488c5/attachment.bin


More information about the freebsd-questions mailing list