Re: Out of mbuf clusters
Dag-Erling Smorgrav (des@flood.ping.uio.no)
20 Sep 1999 17:23:50 +0200
- Next message: Luigi Rizzo: "Re: Out of mbuf clusters"
- Previous message: Kiril Mitev: "Re: Real-time alarms"
- In reply to: Rodney W. Grimes: "Re: Real-time alarms"
- Next in thread: Luigi Rizzo: "Re: Out of mbuf clusters"
- Reply: Luigi Rizzo: "Re: Out of mbuf clusters"
- Reply: Garrett Wollman: "Re: Out of mbuf clusters"
- Reply: Kip Macy: "Re: Out of mbuf clusters"

"Joao Carlos" <jcarlos@bahianet.com.br> writes:
> I'm running FreeBSD 3.3-STABLE, and compiled a kernel with 64 maxusers. It
> gives me something like 1048 processes. I don't know if it's a bug, or
> whatever, but I got crazy when I tested a program called CLONE on an IRC
> Server running on this machine.
> Before arriving at 1024 connections on the IRCD (NOTE: nothing else like httpd,
> squid, etc. was running), the machine crashed with the following message:

I'll bet your CLONE thingy wasn't properly written, and doesn't
actually consume the data sent by the server, causing the server to
fill up mbufs. Currently, FreeBSD panics when it runs out of mbufs.

 1) use ircd connection classes to prevent clients from opening more
    than a small number of connections, and to limit the size of the
    send queue. If you don't know what that means, don't run an IRC
    server.

 2) increase the number of mbuf clusters. If you don't know how to do
    this, don't run an IRC server.

 3) set up a heavy firewall in front of your server (preferably on
    your border router) which protects your server from SYN floods,
    UDP floods, smurfing, fingerprinting, etc. If you don't know how to
    do this, don't run an IRC server.

 4) harden your TCP/IP stack to withstand SYN floods, UDP floods,
    smurfing, fingerprinting, etc. Run a recent 4.0, or 3.3-R with my
    hardening patches, and understand what those patches do and how to
    use them. If you don't know how to do this, don't run an IRC
    server.

 5) lock your machine down tight, including disabling all services
    except ircd and ssh and configuring sshd to only accept
    connections from trusted hosts and require RSA authentication (no
    rhosts, no password authentication). If you don't know how to do
    this, don't run an IRC server.

 6) if you need a flooder, try my joiner.pl. Read the source and
    understand how it works and how to tune it before using it. Know
    that it can (and will) crash your server if you didn't do 1) and
    2) properly. If you don't know how to do this, don't run an IRC
    server.

DES
-- 
Dag-Erling Smorgrav - des@flood.ping.uio.no
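
An added capacity check, not part of the original post or of FreeBSD: it estimates how many clients that never read can pin every mbuf cluster through their socket send buffers, and how large the pool must be to survive them (points 1 and 2 above). The 2048-byte cluster size, the 16 KB default TCP send buffer, the default pool formula 512 + MAXUSERS * 16 and the 25% headroom are assumptions; all function names are hypothetical.

```python
# Added example: worst-case mbuf cluster demand from clients that never read.
# Assumed FreeBSD 3.x defaults (not stated in the post):
MCLBYTES = 2048            # bytes per mbuf cluster on i386
TCP_SENDSPACE = 16 * 1024  # default net.inet.tcp.sendspace


def default_nmbclusters(maxusers):
    """Cluster pool size when NMBCLUSTERS is not set in the kernel config
    (assumed 3.x formula: 512 + MAXUSERS * 16)."""
    return 512 + maxusers * 16


def clusters_per_stalled_socket(sendspace=TCP_SENDSPACE):
    """Clusters pinned by one connection whose peer never reads: the kernel
    keeps queuing data until the socket send buffer is full."""
    return -(-sendspace // MCLBYTES)  # ceiling division


def stalled_clients_to_exhaust(nmbclusters, sendspace=TCP_SENDSPACE):
    """Smallest number of non-reading clients that can pin every cluster."""
    per_socket = clusters_per_stalled_socket(sendspace)
    return -(-nmbclusters // per_socket)


def nmbclusters_needed(max_clients, sendspace=TCP_SENDSPACE, headroom=0.25):
    """Pool size that survives max_clients stalled sockets, plus headroom for
    receive buffers and other traffic (the headroom fraction is arbitrary)."""
    worst_case = max_clients * clusters_per_stalled_socket(sendspace)
    return int(worst_case * (1 + headroom))


if __name__ == "__main__":
    pool = default_nmbclusters(64)  # the maxusers 64 kernel from the question
    print("default pool:", pool, "clusters")
    print("stalled clients to exhaust it:", stalled_clients_to_exhaust(pool))
    print("pool for 1024 stalled clients:", nmbclusters_needed(1024))
    # Shrinking the per-socket send buffer to 4 KB quarters the demand.
    print("same with 4 KB buffers:", nmbclusters_needed(1024, sendspace=4096))
```

Under these assumptions the default pool is exhausted well before 1024 stalled connections, which is why limiting per-client connections and send queue size matters as much as raising the cluster count.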
This archive was generated by hypermail 2.0b3 on Mon Sep 20 1999 - 10:23:27 CDT