|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Martin McCormick (martin_at_dc.cis.okstate.edu)
Date: Tue Jan 21 2003 - 10:38:28 CST
Mike Tancsa writes:
>It could be a ping flood, but if its happening after named dies, its more
>likely your kernel sending back messages to all the hosts asking for DNS
>requests. i.e. since named is dead, you had 231 DNS requests coming in per
>second. The kernel, limits its response to the first 200 hosts, sending
>back a message saying there is nothing listening on that port.
That is extremely likely. I don't know why named died as
it is usually as tough as iron, but we sometimes get over 400,000
requests per hour at peak times so this may have been the result
rather than the cause. It is hard to tell exactly when the named
process stopped but it could have been as early as the first
messages. there have been no more ICMP limitations since I
restarted bind.
Again, many thanks to all of you in the best UNIX
tradition.
To Unsubscribe: send mail to majordomo
FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]