[Wylug-discuss] Linux server assistance
j.lander at leeds.ac.uk
j.lander at leeds.ac.uk
Mon Nov 5 21:43:49 UTC 2012
Lee,
> We have been having some trouble with outages, which I suspect to be due to
> load (and possibly malicious at that) issues.
>
> The server locks up or grinds to a halt, there are far more httpd processes
> running than normal yet the usage stats suggest that there aren?t many live
> users.
Just to eliminate the obvious: are you sure they you have sufficient
memory.
Locking-up and grinding to a halt can mean that available memory is
exhausted and the machine is pageing to-and-from swap.
> My personal suspicion given the symptoms is a targeted DDoS attack using
> some sort of SYN flood to open too many connections which have a dead end.
Have you looked at the output of
netstat -a
If you were in the middle of some kind of connection-hogging attack, there
should be a very long list of connections.
- Jason
More information about the Wylug-discuss
mailing list