?
Solved

Process suddenly starts using lots of CPU

Posted on 2003-11-23
8
Medium Priority
?
502 Views
Last Modified: 2012-05-04
I have a java chat socket (nexusServer) running on my system. Under normal circumstances, it only uses few resources as it's just a socket passing on data to the actual IRC channel, not a full IRC application itself.

A couple of days ago, nexusServer suddenly started to go really heavily on the CPU (80-100%), and using "top" I could also see that the time running was climbing almost identical to real time (under normal use, it usually stays at 0:00 because the connection times are really short). I watched it for a bit, and after 1:30 hours finally killed the process. I waited a while, then restarted it, and again for about a minute it did the same thing (going heavy on the CPU) and then suddenly went back to normal.

I am assuming that someone was massively scanning the particular port, or that it was maybe even a DoS attack of some kind. Needless to say that I am somewhat concerned. I've only had the server for a couple of months, and although I am trying to learn, I am still far from being an expert. So is my assessment/guess correct that such a behavior can be triggered from the outside without security having been compromised? And I assume that whether or not such an event might LEAD to a security compromise basically relies on the program listening to that port (nexusServer in this case) and whether or not is has some security flaw (leading to a stack overflow or whatever) that the attacker can use to his advantage?

Or am I totally on the wrong track and what I have described can much more likely be caused by...?

Many thanks in advance!
0
Comment
Question by:yosmc
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
8 Comments
 
LVL 12

Expert Comment

by:paullamhkg
ID: 9808593
Not so sure is the hacking activities or the program have a leak, anyway, have a look here for setup a secure linux http://www.tldp.org/HOWTO/Security-HOWTO/index.html at lease you can protect your linux box.
0
 

Author Comment

by:yosmc
ID: 9808808
Thanks for the link, Paul (actually that's one of the pages I used when I set up the server, but it's a good idea to check into it again). What about the leak theory? I'm currently leaning slightly into that direction, because the chat socket also showed above behavior after the last "regular" chat session. However, while I think I understand how a leak can eat up more and more RAM, I'm not quite sure how it can consume more and more CPU time. Any ideas?
0
 

Author Comment

by:yosmc
ID: 9850944
This problem is still haunting me. I am pretty sure by now that there is actually some sort of "leak" - essentially, when we have a scheduled chat, the CPU usage slowly rises but never goes back, even when the chat is over and everyone is gone.

I'm kinda lost here, because (as stated above) I can understand how a leak can consume your RAM, but not sure how this might work with CPU time. I'm not looking for the ultimate wisdom here - any hints and even guesses are welcome, whoever inspires me to find a solution will get the points.
0
10 Questions to Ask when Buying Backup Software

Choosing the right backup solution for your organization can be a daunting task. To make the selection process easier, ask solution providers these 10 key questions.

 
LVL 3

Expert Comment

by:mac_
ID: 10204587
Does nexusServer really closes the closed sockets after a while ? (have a look at netstat -an)

Is there IP traffic on this port ? (tcpdump)

At worst (and if it still haunts you), you can try to debug the program by running it in a debugger or profiler...
0
 

Author Comment

by:yosmc
ID: 10262660
Thanks for the suggestions. It seems like I was finally able to solve the problem (knocking of wood), and the solution was quite interesting!

In the End, requiring a higher version of Flash from the user clients did the trick. Seems like the problem only occurred when someone connected to the chat who was running Flash 5 on his machine. Saving the client in Flash 6 and forcing everyone to upgrade obviously made the problem go away. A friend pointed me to this possiblility - I had never thought of it! :)
0
 
LVL 12

Expert Comment

by:paullamhkg
ID: 10267272
Since you solve your problem yourself, please post a 0 point request to EE admin here http://www.experts-exchange.com/Community_Support/  request to closed and points refund :)
0
 
LVL 2

Accepted Solution

by:
Lunchy earned 0 total points
ID: 10299099
PAQed, with points refunded (500)

Lunchy
Friendly Neighbourhood Community Support Admin
0

Featured Post

Get your Conversational Ransomware Defense e‑book

This e-book gives you an insight into the ransomware threat and reviews the fundamentals of top-notch ransomware preparedness and recovery. To help you protect yourself and your organization. The initial infection may be inevitable, so the best protection is to be fully prepared.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

​Being a Managed Services Provider (MSP) has presented you  with challenges in the past— and by meeting those challenges you’ve reaped the rewards of success.  In 2014, challenges and rewards remain; but as the Internet and business environment evol…
BIND is the most widely used Name Server. A Name Server is the one that translates a site name to it's IP address. There is a new bug in BIND (https://kb.isc.org/article/AA-01272), affecting all versions of BIND 9 from BIND 9.1.0 (inclusive) thro…
This is my first video review of Microsoft Bookings, I will be doing a part two with a bit more information, but wanted to get this out to you folks.
Have you created a query with information for a calendar? ... and then, abra-cadabra, the calendar is done?! I am going to show you how to make that happen. Visualize your data!  ... really see it To use the code to create a calendar from a q…
Suggested Courses

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question