Link to home
Start Free TrialLog in
Avatar of Daniel Wilson
Daniel WilsonFlag for United States of America

asked on

What on CentOS would serve as a DDOS filter?

I am using JMeter to do some mild load testing.  I've started with a CentOS installation at Digital Ocean.

I run X virtual users in a span of 100 seconds.  When I ramp X up any higher than 200, I get the connections after 200 (or thereabouts) refused.  The server is still running.  Without doing anything to it, I can connect again in another minute or so.

If I run JMeter on the VPS (droplet in Digital Ocean parlance), it runs fine ... until I ramp up high enough to get Java memory problems in JMeter.  If I run JMeter on a VPS beside the target, I get the same errors as I get from my PC.

So it has something to do with some networking ... something.  I opened a ticket with Digital Ocean and they say it's not an intermediate device they have that is causing this.

So, what that commonly installs with CentOS would be shutting this off?  I've tried running with IPTables stopped and that hasn't changed anything.  

Thanks!
SOLUTION
Avatar of Gary
Gary
Flag of Ireland image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of Daniel Wilson
Daniel Wilson
Flag of United States of America image

ASKER

I tried turning IPTables off and got the same result.  I'm pretty sure that's the only firewall on the VPS/droplet. I'm connecting to a NodeJS application.
SOLUTION
Avatar of Nick Upson
Nick Upson
Flag of United Kingdom of Great Britain and Northern Ireland image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of Gary
Gary
Flag of Ireland image
There is nothing else in Centos that would be limiting the connections, is it possible to test from multiple IP's at the same time to see if it is a limit on an IP or a blanket limit.
Could be as Nick says as well...
Avatar of Daniel Wilson
Daniel Wilson
Flag of United States of America image

ASKER

No, xinetd does not appear to be running.  Here's the list of processes.

[dwil@YBDev2 ~]$ ps -A
  PID TTY          TIME CMD
    1 ?        00:00:00 init
    2 ?        00:00:00 kthreadd
    3 ?        00:00:00 migration/0
    4 ?        00:00:00 ksoftirqd/0
    5 ?        00:00:00 migration/0
    6 ?        00:00:00 watchdog/0
    7 ?        00:00:00 events/0
    8 ?        00:00:00 cgroup
    9 ?        00:00:00 khelper
   10 ?        00:00:00 netns
   11 ?        00:00:00 async/mgr
   12 ?        00:00:00 pm
   13 ?        00:00:00 sync_supers
   14 ?        00:00:00 bdi-default
   15 ?        00:00:00 kintegrityd/0
   16 ?        00:00:00 kblockd/0
   17 ?        00:00:00 kacpid
   18 ?        00:00:00 kacpi_notify
   19 ?        00:00:00 kacpi_hotplug
   20 ?        00:00:00 ata_aux
   21 ?        00:00:00 ata_sff/0
   22 ?        00:00:00 ksuspend_usbd
   23 ?        00:00:00 khubd
   24 ?        00:00:00 kseriod
   25 ?        00:00:00 md/0
   26 ?        00:00:00 md_misc/0
   27 ?        00:00:00 linkwatch
   28 ?        00:00:00 khungtaskd
   29 ?        00:00:00 kswapd0
   30 ?        00:00:00 ksmd
   31 ?        00:00:00 aio/0
   32 ?        00:00:00 crypto/0
   37 ?        00:00:00 kthrotld/0
   39 ?        00:00:00 kpsmoused
   40 ?        00:00:00 usbhid_resumer
   74 ?        00:00:00 kstriped
  128 ?        00:00:00 scsi_eh_0
  129 ?        00:00:00 scsi_eh_1
  237 ?        00:00:00 virtio-blk
  249 ?        00:00:00 jbd2/vda-8
  250 ?        00:00:00 ext4-dio-unwrit
  324 ?        00:00:00 udevd
  357 ?        00:00:00 virtio-net
  601 ?        00:00:00 udevd
  656 ?        00:00:00 kauditd
  712 ?        00:00:00 flush-252:0
  873 ?        00:00:00 auditd
  889 ?        00:00:00 rsyslogd
  911 ?        00:00:00 redis-server
  949 ?        00:00:00 sshd
 1025 ?        00:00:00 master
 1034 ?        00:00:00 pickup
 1035 ?        00:00:00 qmgr
 1041 ?        00:00:05 mongod
 1059 ?        00:00:00 crond
 1077 ?        00:00:00 miniserv.pl
 1087 tty1     00:00:00 mingetty
 1089 tty2     00:00:00 mingetty
 1091 tty3     00:00:00 mingetty
 1093 tty4     00:00:00 mingetty
 1095 tty5     00:00:00 mingetty
 1097 tty6     00:00:00 mingetty
 1229 ?        00:00:00 sshd
 1231 ?        00:00:00 sshd
 1232 pts/0    00:00:00 bash
 1251 pts/0    00:00:00 ps

Open in new window

Avatar of Nick Upson
Nick Upson
Flag of United Kingdom of Great Britain and Northern Ireland image
what are you using for the connections, httpd for example can also limit the number of connections
Avatar of Daniel Wilson
Daniel Wilson
Flag of United States of America image

ASKER

I'm connecting directly to the Node service.  There is no proxy in between.

I can successfully run 200 virtual users from 2 different servers simultaneously.  I'll ramp it up a little higher and see what I get.
Avatar of Daniel Wilson
Daniel Wilson
Flag of United States of America image

ASKER

300 virtual users over 100 seconds, from each of 3 machines was also OK.  500  from each caused whatever's shutting it down to kick in.
Avatar of Nick Upson
Nick Upson
Flag of United Kingdom of Great Britain and Northern Ireland image
have you checked the configuration files / documentation for the node service to see if it has a limit by default
Avatar of Daniel Wilson
Daniel Wilson
Flag of United States of America image

ASKER

Node does have a limit, but changing that limit has no effect.  So the node expert says it's something on the server other than Node.  Or ... something by Digital Ocean.  But Digital Ocean says it isn't them. :(
ASKER CERTIFIED SOLUTION
Avatar of Daniel Wilson
Daniel Wilson
Flag of United States of America image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of Daniel Wilson
Daniel Wilson
Flag of United States of America image

ASKER

No real resolution, but effort is very much appreciated.