sshd stops accepting connections
Kris Kennaway
kris at obsecurity.org
Wed Nov 17 19:28:42 PST 2004
On Wed, Nov 17, 2004 at 07:19:21PM -0800, Doug White wrote:
> This is the kicker -- sshd couldn't fork because somethnig went berzerk.
>
> > Nov 11 13:49:54 www kernel: Limiting closed port RST response from 212 to
> > 200 packets/sec
>
> This looks a lot like a SYN flood on some daemon that fork()s each
> connection but doesn't have any limits.
>
> The disk error could certainly be related, although I'm not sure
> why it would cause something to spike up and hit maxproc.
Often the processes running on the machine will block while waiting
for the disk to time out (i.e. if they're also attempting to use the
disk, typical for a webserver) ..if the machine is reasonably busy,
there could be a lot of pending connections that are suddenly
processed when the drive resets.
Kris
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-stable/attachments/20041117/654764f1/attachment.bin
More information about the freebsd-stable
mailing list