Re: [BAD] the whole server down with a red-alert-like attack
On Thu, Jan 24, 2002 at 11:58:57AM +0100, endre@interware.hu wrote:
>
>
> On Thu, 24 Jan 2002, alexis bory wrote:
>
> > This morning my litlle server (potato, apache 1.3.9) was down. No
> > webservices, no ssh, nothing but ping :(
> >
> > Jan 24 06:13:54 sfa01 kernel: VM: do_try_to_free_pages failed for kswapd...
>
> upgrade your kernel.
>
> > Jan 24 06:15:59 sfa01 kernel: VM: killing process cfserver
>
> imho you should lower apache maxclients so it won't bring the machine
> down when attacked.
I made the same experience with some testing script on one of my
routers. I run that script from cron to often. When the conditions
were good, the one run end before cron run the next. But once the
conditions changed, the script started from cron befer previous
instance neds. In a few minutes the machine become overloaded (run
out of physical memory, and swap doesn't saved me in this case).
There was log a full of messages like yours. I also wasn't able to
connect to that router with ssh. Only few minutes after reboot it was
possible to login to router.
I resolved my problem with not running that script every minute but
relax rules and run it vere five or ten munites.
So I recomend you to limit the number of instances the apache can run
in one time.
--
Radek Hnilica <Radek at Hnilica dot CZ>
===========================
No matter how far down the wrong road you've gone, turn back.
Turkish proverb
Reply to: