lots of sockets in TIME_WAIT
Saulius Menkevičius
razzmatazz at mail.lt
Tue May 20 12:30:20 PDT 2003
Hi there,
I have some DDoS(?) attack going on at my router, where my Apache HTTP
server is flooded with short-timed connections from some host. This
results in LOTS of sockets in TIME_WAIT/LAST_ACK/CLOSING states and
eventually I'm out of mbufs, which consequently means I can't even
connect to the router from the LAN. The kern.ipc.nmbclusters is 2560 (I
guess high enough for a router with a DSL connection).
After some time all mbufs are depleted (the system says "All mbuf
cluster exhausted"). However, unexpectedly, the system panics shortly
afterwards, in about 10 minutes (+/-), with:
/kernel: All mbuf cluster exhausted, please see tuning(7)
/kernel: looutput: mbuf allocation failed
/kernel: panic: sbappendaddr
/kernel:
/kernel: syncing disks....
.
.
I don't think this behaviour (a panic) is normal. This crash
happens often when I'm under such an attack, and I guess I can easily
give a crash dump, kgdb output or something like that, if you need.
System is running 4.8-RELEASE, on iPentium166/mmx with 64MB of RAM.
4 NICs, BRIDGE on two of them.
Thanks for any response..
P.S. (is there some sysctl oid for setting TIME_WAIT duration?)
--
Saulius Menkevicius, razzmatazz at mail.lt on 05.20.2003
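
Added example, not part of the original post: a small sh/awk tally of sockets in the TIME_WAIT, LAST_ACK and CLOSING states per remote host, read from FreeBSD-style `netstat -an` output, to identify which peer is driving the connection churn described above. The function names, the threshold default and the sample lines (documentation addresses) are constructed for illustration.

```shell
#!/bin/sh
# Added example: count closing-state TCP sockets per remote host.

# Reads `netstat -an` style lines on stdin and prints "<remote-ip> <count>",
# highest count first.
count_closing_states() {
    awk '
        # TCP rows only: field 5 is the foreign address, field 6 the state.
        $1 ~ /^tcp/ && ($6 == "TIME_WAIT" || $6 == "LAST_ACK" || $6 == "CLOSING") {
            host = $5
            sub(/\.[0-9*]+$/, "", host)   # FreeBSD prints addr.port; drop the port
            n[host]++
        }
        END { for (h in n) print h, n[h] }
    ' | sort -k2,2nr -k1,1
}

# Prints only the hosts at or above a threshold (assumed default: 3).
flag_hosts() {
    threshold=${1:-3}
    count_closing_states | awk -v t="$threshold" '$2 >= t { print $1 }'
}

# Constructed sample input in the FreeBSD `netstat -an` layout.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp4       0      0  192.0.2.1.80           198.51.100.7.40112     TIME_WAIT
tcp4       0      0  192.0.2.1.80           198.51.100.7.40113     TIME_WAIT
tcp4       0      0  192.0.2.1.80           198.51.100.7.40114     LAST_ACK
tcp4       0      0  192.0.2.1.80           198.51.100.7.40115     CLOSING
tcp4       0      0  192.0.2.1.80           198.51.100.7.40116     TIME_WAIT
tcp4       0      0  192.0.2.1.80           203.0.113.9.51000      TIME_WAIT
tcp4       0      0  192.0.2.1.22           192.0.2.50.33012       ESTABLISHED
tcp4       0      0  *.80                   *.*                    LISTEN
udp4       0      0  *.53                   *.*
EOF
}

# Demo on the constructed sample; on a live host use: netstat -an | count_closing_states
sample_netstat | count_closing_states
```

On a live system, feed it `netstat -an -p tcp` and compare the totals against `netstat -m` to see how close the box is to its mbuf cluster limit.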