Does anyone here know what to do about this?
Thanks!
Jan
-------- Original Message --------
| From: | - Sat Aug 18 12:19:58 2001 |
|---|---|
| X-UIDL: | 998151141.23696.digitaldaemon.com,S=3760 |
| X-Mozilla-Status: | 0013 |
| X-Mozilla-Status2: | 00000000 |
| Return-Path: | <[EMAIL PROTECTED]> |
| Delivered-To: | [EMAIL PROTECTED] |
| Received: | (qmail 23693 invoked from network); 18 Aug 2001 16:12:20 -0000 |
| Received: | from unknown (HELO sm4.texas.rr.com) ([EMAIL PROTECTED]) by digitaldaemon.com with SMTP; 18 Aug 2001 16:12:20 -0000 |
| Received: | from [192.168.0.138] (cs6668179-144.austin.rr.com [66.68.179.144]) by sm4.texas.rr.com (8.12.0.Beta5/8.12.0.Beta5) with ESMTP id f7IGE8KE018133; Sat, 18 Aug 2001 11:14:08 -0500 |
| User-Agent: | Microsoft-Outlook-Express-Macintosh-Edition/5.02.2022 |
| Date: | Sat, 18 Aug 2001 11:14:12 -0500 |
| Subject: | Re: slashdotted: /kernel: xl0: no memory for rx list -- packet dropped! |
| From: | "Michael C. Wu" <[EMAIL PROTECTED]> |
| To: | Jan Knepper <[EMAIL PROTECTED]>, FreeBSD ISP <[EMAIL PROTECTED]> |
| Message-ID: | <[EMAIL PROTECTED]> |
| In-Reply-To: | <[EMAIL PROTECTED]> |
| Mime-version: | 1.0 |
| Content-type: | text/plain; charset="US-ASCII" |
| Content-transfer-encoding: | 7bit |
on 08/18/2001 11:04 AM, Jan Knepper at [EMAIL PROTECTED] wrote: > Last Thursday one of the sites I host got slashdotted > (http://www.slashdot.com/) and amazingly FreeBSD 4.3 on PIII 600 Mhz > with 128 MB RAM took the load gracefully. I.e. until around 5 PM EST > when I got messages like:
This should a good enough system. > /kernel: xl0: no memory for rx list -- packet dropped! > > at the console... > > So what I did is, I terminated some of the daemon's that were not really > used as a couple of httpd server, etc. This seemed to solve the problem, > however... When I run a netstat -na right now I get the impression that > there is still some garbadge in memory from this experience: > > As: > tcp4 0 15360 63.105.9.61.20 217.80.179.220.2822 LAST_ACK > t cp4 0 15360 63.105.9.61.20 193.219.43.81.2591 LAST_ACK > tcp4 0 15360 63.105.9.61.20 200.11.220.5.2535 LAST_ACK > tcp4 0 15360 63.105.9.61.20 200.11.220.5.1736 LAST_ACK > tcp4 0 15360 63.105.9.61.20 200.11.220.5.1735 LAST_ACK > tcp4 0 15360 63.105.9.61.20 202.133.131.44.3651 LAST_ACK > tcp4 0 15360 63.105.9.61.20 193.124.148.213.4486 LAST_ACK > tcp4 0 15360 63.105.9.61.20 193.124.148.213.4338 LAST_ACK > tcp4 0 15360 63.105.9.61.20 193.124.148.213.3452 LAST_ACK > tcp4 0 15360 63.105.9.61.20 193.124.148.213.3449 LAST_ACK > tcp4 0 15360 63.105.9.61.20 193.124.148.213.1825 LAST_ACK > tcp4 0 15360 63.105.9.61.20 193.124.148.213.2922 LAST_ACK > tcp4 0 15360 63.105.9.61.20 193.124.148.213.2390 LAST_ACK > tcp4 0 15360 63.105.9.61.20 193.124.148.213.2310 LAST_ACK > tcp4 0 15360 63.105.9.61.20 193.124.148.213.1598 LAST_ACK > tcp4 0 15360 63.105.9.61.20 193.124.148.213.1597 LAST_ACK > tcp4 0 15360 63.105.9.61.20 193.124.148.213.1556 LAST_ACK > tcp4 0 15360 63.105.9.61.20 193.124.148.213.1553 LAST_ACK > tcp4 0 15360 63.105.9.61.20 203.195.181.4.1440 LAST_ACK > > I am sure this has been in there the last at least 24 hours and I can > see nothing is happening. I suspect that this is because of the no > memory for rx list, but I am not quite sure. I was kinda a cool feeling > though that FreeBSD didn't give up, but still runs!!! I think you might have been attacked by a well-known attack, simply named the LAST_ACK attack. It puts our TCP state machine into whack by not sending the proper TCP states. There is no way around it. > Is there anyway to clean thi s up without having to reboot the system? I don't know. :) -- [EMAIL PROTECTED]
