> > 2. Being able to log in and identify the right processes within the Timeout
> > period.  On our servers that is 3 minutes.  There's usually that much lag
> > just in the time period from alert generated until it hits our pagers.

> Or attacking your own server with Slapper, which is what someone
> else attempting to debug this will have to do. 
 
Understood. I'm trying to find a server we can repurpose to just running a
single instance of this, since our IP space is getting hit twice a day
right now.  Our main servers are too busy to do this on ;-(  Let me work on
this a bit.

> > Also, I doubt this is child-related .. all of our servers have hundreds of
> > children, but no server has more than 30 sites.  Somehow this attack is
> > choking the accept queue, preventing access to the other unaffected
> > children.

> That's one possibility... Another would be clogging of access to the
> session cache. In the first case, it's hard to understand how OpenSSL
> could be the cause of the problem.
> 
> Here's a question: do you lose HTTP access or just HTTPS access?
 
Both. Only on SSL-enabled servers. Rephrase, only on OpenSSL servers.
And yes I'm hella confused myself.

-- 
Joe Rhett                                                      Chief Geek
[EMAIL PROTECTED]                                      ISite Services, Inc.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
