yosmc
asked on
Process suddenly starts using lots of CPU
I have a java chat socket (nexusServer) running on my system. Under normal circumstances, it only uses few resources as it's just a socket passing on data to the actual IRC channel, not a full IRC application itself.
A couple of days ago, nexusServer suddenly started to go really heavily on the CPU (80-100%), and using "top" I could also see that the time running was climbing almost identical to real time (under normal use, it usually stays at 0:00 because the connection times are really short). I watched it for a bit, and after 1:30 hours finally killed the process. I waited a while, then restarted it, and again for about a minute it did the same thing (going heavy on the CPU) and then suddenly went back to normal.
I am assuming that someone was massively scanning the particular port, or that it was maybe even a DoS attack of some kind. Needless to say that I am somewhat concerned. I've only had the server for a couple of months, and although I am trying to learn, I am still far from being an expert. So is my assessment/guess correct that such a behavior can be triggered from the outside without security having been compromised? And I assume that whether or not such an event might LEAD to a security compromise basically relies on the program listening to that port (nexusServer in this case) and whether or not is has some security flaw (leading to a stack overflow or whatever) that the attacker can use to his advantage?
Or am I totally on the wrong track and what I have described can much more likely be caused by...?
Many thanks in advance!
A couple of days ago, nexusServer suddenly started to go really heavily on the CPU (80-100%), and using "top" I could also see that the time running was climbing almost identical to real time (under normal use, it usually stays at 0:00 because the connection times are really short). I watched it for a bit, and after 1:30 hours finally killed the process. I waited a while, then restarted it, and again for about a minute it did the same thing (going heavy on the CPU) and then suddenly went back to normal.
I am assuming that someone was massively scanning the particular port, or that it was maybe even a DoS attack of some kind. Needless to say that I am somewhat concerned. I've only had the server for a couple of months, and although I am trying to learn, I am still far from being an expert. So is my assessment/guess correct that such a behavior can be triggered from the outside without security having been compromised? And I assume that whether or not such an event might LEAD to a security compromise basically relies on the program listening to that port (nexusServer in this case) and whether or not is has some security flaw (leading to a stack overflow or whatever) that the attacker can use to his advantage?
Or am I totally on the wrong track and what I have described can much more likely be caused by...?
Many thanks in advance!
Not so sure is the hacking activities or the program have a leak, anyway, have a look here for setup a secure linux http://www.tldp.org/HOWTO/Security-HOWTO/index.html at lease you can protect your linux box.
ASKER
Thanks for the link, Paul (actually that's one of the pages I used when I set up the server, but it's a good idea to check into it again). What about the leak theory? I'm currently leaning slightly into that direction, because the chat socket also showed above behavior after the last "regular" chat session. However, while I think I understand how a leak can eat up more and more RAM, I'm not quite sure how it can consume more and more CPU time. Any ideas?
ASKER
This problem is still haunting me. I am pretty sure by now that there is actually some sort of "leak" - essentially, when we have a scheduled chat, the CPU usage slowly rises but never goes back, even when the chat is over and everyone is gone.
I'm kinda lost here, because (as stated above) I can understand how a leak can consume your RAM, but not sure how this might work with CPU time. I'm not looking for the ultimate wisdom here - any hints and even guesses are welcome, whoever inspires me to find a solution will get the points.
I'm kinda lost here, because (as stated above) I can understand how a leak can consume your RAM, but not sure how this might work with CPU time. I'm not looking for the ultimate wisdom here - any hints and even guesses are welcome, whoever inspires me to find a solution will get the points.
Does nexusServer really closes the closed sockets after a while ? (have a look at netstat -an)
Is there IP traffic on this port ? (tcpdump)
At worst (and if it still haunts you), you can try to debug the program by running it in a debugger or profiler...
Is there IP traffic on this port ? (tcpdump)
At worst (and if it still haunts you), you can try to debug the program by running it in a debugger or profiler...
ASKER
Thanks for the suggestions. It seems like I was finally able to solve the problem (knocking of wood), and the solution was quite interesting!
In the End, requiring a higher version of Flash from the user clients did the trick. Seems like the problem only occurred when someone connected to the chat who was running Flash 5 on his machine. Saving the client in Flash 6 and forcing everyone to upgrade obviously made the problem go away. A friend pointed me to this possiblility - I had never thought of it! :)
In the End, requiring a higher version of Flash from the user clients did the trick. Seems like the problem only occurred when someone connected to the chat who was running Flash 5 on his machine. Saving the client in Flash 6 and forcing everyone to upgrade obviously made the problem go away. A friend pointed me to this possiblility - I had never thought of it! :)
Since you solve your problem yourself, please post a 0 point request to EE admin here https://www.experts-exchange.com/Community_Support/ request to closed and points refund :)
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.