lots of sockets in TIME_WAIT

Eugene Grosbein eugen at kuzbass.ru
Tue May 20 19:04:50 PDT 2003


"Saulius Menkevičius" wrote:
> 
>         Hi there,
> 
> I have some DDOS(?) attack on my router going where my apache HTTP
> server is flooded with short-timed connections from some host. This
> results in LOTS of sockets in TIME_WAIT/LAST_ACK/CLOSING states and
> eventually I'm out of mbufs, which, consequently means I can't even
> connect to the router from LAN. The kern.ipc.nmbclusters is 2560, (I
> guess high enough for router with DSL connection).
>         After some time all mbufs are depleted (system says "All mbuf
> cluster exhausted"). However, unexpectedly the system panics shortly
> in about 10 minutes (+/-) with:
> /kernel: All mbuf cluster exhausted, please see tuning(7)
> /kernel: looutput: mbuf allocation failed
> /kernel: panic: sbappendaddr
> /kernel:
> /kernel: syncing disks....
> .
> .
>         I don't think this behaviour (a panic) is normal. This crash is
> happening often when I'm under such attack and I guess I can easily
> give a crash dump, kgdb output or something like that, if you need.
>         System is running 4.8-RELEASE, on iPentium166/mmx with 64MB of RAM.
> 4 NICs, BRIDGE on two of them.
> 
>         Thanks for any response..

I agree with you. I've got a crashdump for an mbuf-related kernel panic
(sbappendaddr), see http://www.FreeBSD.org/cgi/query-pr.cgi?pr=kern/50803
I believe a kernel must not panic due to DoS.

Eugene Grosbein

