sora-x
asked on
Got attacked and ksoftirqd/0 consumes the CPU (100%)
I'm using Debian 6 and CentOS 5.8 and got some attack that is making my box unreachable from the network.
I've logged in via KVM and ran top to see the ksoftirqd/0 load at 100%.
Any suggestions to fix this problem?
Take a look at /proc/interrupts and see if you can spot the one that is at the top of the list... Not sure whether it is a network- or host-level denial at this time.
ASKER
59: 484 0 0 186221763 IO-APIC-level eth0
At first this host was on the ESXi host; when it got attacked only this host went down, the others were still fine.
Then I thought it might be a problem with VMware,
so I put it in a Cisco UCS200 box as a standalone server, but the problem is still the same after getting attacked.
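One way to follow the /proc/interrupts suggestion above, added here as an example that is not part of the original thread: take two snapshots and rank IRQs by rate, showing which CPU services each. The function names are hypothetical and the snapshots are constructed, apart from the eth0 row the asker posted.

```python
# Constructed sample: two /proc/interrupts snapshots taken 1 s apart. Only the eth0
# row of SNAP_A is the line posted in the thread; every other value is made up.
SNAP_A = """\
           CPU0       CPU1       CPU2       CPU3
  0:        127          0          0          0   IO-APIC-edge   timer
 59:        484          0          0  186221763   IO-APIC-level  eth0
NMI:          0          0          0          0   Non-maskable interrupts
"""
SNAP_B = """\
           CPU0       CPU1       CPU2       CPU3
  0:       1127          0          0          0   IO-APIC-edge   timer
 59:        484          0          0  186266763   IO-APIC-level  eth0
NMI:          0          0          0          0   Non-maskable interrupts
"""

def parse_interrupts(text):
    """Map IRQ label -> (per-CPU counts, description)."""
    lines = text.strip("\n").splitlines()
    ncpu = len(lines[0].split())          # header row: CPU0 CPU1 ...
    table = {}
    for line in lines[1:]:
        label, _, rest = line.partition(":")
        fields = rest.split()
        counts = []
        for field in fields[:ncpu]:       # rows such as ERR: carry a single count
            if not field.isdigit():
                break
            counts.append(int(field))
        table[label.strip()] = (counts, " ".join(fields[len(counts):]))
    return table

def busiest(before, after, seconds):
    """Rows of (irqs_per_sec, irq, description, busiest_cpu, cpu_share), highest rate first."""
    rows = []
    for irq, (now, desc) in after.items():
        old = before.get(irq, ([0] * len(now), ""))[0]
        delta = [n - o for n, o in zip(now, old)]
        if sum(delta) <= 0:               # idle IRQs are not interesting here
            continue
        cpu = max(range(len(delta)), key=delta.__getitem__)
        rows.append((sum(delta) / seconds, irq, desc, cpu, delta[cpu] / sum(delta)))
    return sorted(rows, reverse=True)

if __name__ == "__main__":
    ranked = busiest(parse_interrupts(SNAP_A), parse_interrupts(SNAP_B), 1.0)
    for rate, irq, desc, cpu, share in ranked:
        print(f"{rate:>10.0f}/s  IRQ {irq:<4} {desc:<28} CPU{cpu} takes {share:.0%}")
```

On a live host, read /proc/interrupts twice a known interval apart and pass both strings through `parse_interrupts`. The interrupt rate is not the packet rate, since NAPI polling handles many packets per interrupt under load.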
Not so sure whether it is a real attack or a hw conflict or mismatch instead.
http://lists.graemef.net/pipermail/lvs-users/2008-November/021559.html
http://www.linuxquestions.org/questions/linux-security-4/ksoftirqd-uses-100-cpu-686740/
ASKER
I'm sure that it's a real attack, as the recv graph in VMware hit about 6m / 20 sec (~300k pps / sec).
Before it got attacked, the server had been working well since Dec 2011.
SOLUTION
Check out some commands to drill down further:
http://www3.wiredgorilla.com/content/view/183/1/
ASKER
Now I'm trying to build a Linux firewall box to filter DDoS packets.
Is there any distro that is hardened against this type of attack?
PS. My ISP support said they can't help much because I'm not in their security zone.