[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 505
  • Last Modified:

Process suddenly starts using lots of CPU

I have a java chat socket (nexusServer) running on my system. Under normal circumstances, it only uses few resources as it's just a socket passing on data to the actual IRC channel, not a full IRC application itself.

A couple of days ago, nexusServer suddenly started to go really heavily on the CPU (80-100%), and using "top" I could also see that the time running was climbing almost identical to real time (under normal use, it usually stays at 0:00 because the connection times are really short). I watched it for a bit, and after 1:30 hours finally killed the process. I waited a while, then restarted it, and again for about a minute it did the same thing (going heavy on the CPU) and then suddenly went back to normal.

I am assuming that someone was massively scanning the particular port, or that it was maybe even a DoS attack of some kind. Needless to say that I am somewhat concerned. I've only had the server for a couple of months, and although I am trying to learn, I am still far from being an expert. So is my assessment/guess correct that such a behavior can be triggered from the outside without security having been compromised? And I assume that whether or not such an event might LEAD to a security compromise basically relies on the program listening to that port (nexusServer in this case) and whether or not is has some security flaw (leading to a stack overflow or whatever) that the attacker can use to his advantage?

Or am I totally on the wrong track and what I have described can much more likely be caused by...?

Many thanks in advance!
0
yosmc
Asked:
yosmc
1 Solution
 
paullamhkgCommented:
Not so sure is the hacking activities or the program have a leak, anyway, have a look here for setup a secure linux http://www.tldp.org/HOWTO/Security-HOWTO/index.html at lease you can protect your linux box.
0
 
yosmcAuthor Commented:
Thanks for the link, Paul (actually that's one of the pages I used when I set up the server, but it's a good idea to check into it again). What about the leak theory? I'm currently leaning slightly into that direction, because the chat socket also showed above behavior after the last "regular" chat session. However, while I think I understand how a leak can eat up more and more RAM, I'm not quite sure how it can consume more and more CPU time. Any ideas?
0
 
yosmcAuthor Commented:
This problem is still haunting me. I am pretty sure by now that there is actually some sort of "leak" - essentially, when we have a scheduled chat, the CPU usage slowly rises but never goes back, even when the chat is over and everyone is gone.

I'm kinda lost here, because (as stated above) I can understand how a leak can consume your RAM, but not sure how this might work with CPU time. I'm not looking for the ultimate wisdom here - any hints and even guesses are welcome, whoever inspires me to find a solution will get the points.
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
mac_Commented:
Does nexusServer really closes the closed sockets after a while ? (have a look at netstat -an)

Is there IP traffic on this port ? (tcpdump)

At worst (and if it still haunts you), you can try to debug the program by running it in a debugger or profiler...
0
 
yosmcAuthor Commented:
Thanks for the suggestions. It seems like I was finally able to solve the problem (knocking of wood), and the solution was quite interesting!

In the End, requiring a higher version of Flash from the user clients did the trick. Seems like the problem only occurred when someone connected to the chat who was running Flash 5 on his machine. Saving the client in Flash 6 and forcing everyone to upgrade obviously made the problem go away. A friend pointed me to this possiblility - I had never thought of it! :)
0
 
paullamhkgCommented:
Since you solve your problem yourself, please post a 0 point request to EE admin here http://www.experts-exchange.com/Community_Support/  request to closed and points refund :)
0
 
LunchyCommented:
PAQed, with points refunded (500)

Lunchy
Friendly Neighbourhood Community Support Admin
0

Featured Post

Veeam Disaster Recovery in Microsoft Azure

Veeam PN for Microsoft Azure is a FREE solution designed to simplify and automate the setup of a DR site in Microsoft Azure using lightweight software-defined networking. It reduces the complexity of VPN deployments and is designed for businesses of ALL sizes.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now