Link to home
Create AccountLog in
Avatar of sora-x
sora-x

asked on

get attacked and ksoftirqd/0 consume the cpu ( 100% )

i'm using debian 6 and centos 5.8 and got some attack that causing my box unreachable from network
i've loggin via kvm and top to see the ksoftirqd/0 load at 100%

any suggestion to fixed this problem ?
Avatar of btan
btan

. Take a look at /proc/interrupts and see if you can spot the one that is in top list...not sure it is network or host level denial at this time
Avatar of sora-x

ASKER

59:        484          0          0  186221763   IO-APIC-level  eth0

at first this host is in the exsi host when it got attacked only this host down , other still fine.
then i think it maybe the problem about vmware.

so i put it in cisco ucs200 box as standalone server. but the problem still the same after got attacked.
Avatar of sora-x

ASKER

i'm sure that it's real attack as the recv graph in vmware hit about 6m / 20 sec ( ~300k pps / sec ).
before it's got attacked. the server are working well since dec 2011.
SOLUTION
Avatar of TimotiSt
TimotiSt
Flag of Ireland image

Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
See answer
Check out some command to further drill down
 http://www3.wiredgorilla.com/content/view/183/1/
Avatar of sora-x

ASKER

now i'm trying to build a linux firewall box to filter ddos packet.

is there any distro that hardening agains this type of attck ?

PS. my isp support said they can't help much because i'm not in their security zone.
ASKER CERTIFIED SOLUTION
Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.