Jason, Uh...your inexperience is showing. :) The title of the post is "DOS attacks?" My question was, "Has anyone heard anything about any worms or DOS attacks happening which might account for this?"
Of course I expect useful information such as confirmation that someone else is experiencing attacks that result in similar symptoms on the server or perhaps there was a security bulletin released for OBSD that I have missed. There was a bulletin just released for FreeBSD's TCP stack which talked about an exposure to DOS attacks that could cause TCP to stop working. Seems reasonable to inquire about OBSD when I'm having a problem that sounds like it might possibly be related, doesn't it? > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of > Jason Crawford > Sent: Thursday, June 30, 2005 11:39 AM > To: Dave Beckstrom > Cc: misc@openbsd.org > Subject: Re: DOS Attacks? > > Come on, seriously. Do you expect any type of useful help with a plea > that consists of: > Things stopped working! > Some important network info (which I won't include) didn't seem to > show anything wrong! > help! > Do YOU think you could help someone that gave you so little information? > You even mention a time when it usually happens, but NO logs at all. > Seriously, we need more information. > > Jason > > On 6/30/05, Dave Beckstrom <[EMAIL PROTECTED]> wrote: > > I've been fighting a problem with my openbsd firewall for a few days > now. > > The system is a 1 ghz Pentium processor with 512 meg of ram. It's > running > > as a transparent bridged firewall doing nothing but packet filtering. > > > > The problem I run into is that it will suddenly stop processing and my > > internet connection drops. I'll have a ping running against an external > > site and the firewall might stop processing packets for 2 or 3 minutes > and > > then it starts working again. Then it may run for 20 minutes and stop > > working for 5 minutes. It may run 8 or 10 hours without any problems and > > then suddenly it gets flakey for an hour or two where I have to keep > > rebooting to keep it processing. The system ran for a year prior with > no > > such problems. > > > > I have tried installing OBSD 3.4, OBSD 3.6 and OBSD 3.7 (which I'm > currently > > running on). It has done it on all 3 versions of OBSD. I even built a > > new, temporary, firewall on a completely different machine and the same > > thing happened. It doesn't seem to be a hardware problem. > > > > The firewall sits behind a CISCO 2610 router which means a 10 meg > Ethernet > > connection coming into the firewall. > > > > If I remove the firewall I can watch the pings and they never miss a > beat. > > It is definitely the firewall that stops processing packets. > > > > Netstat -m shows plenty of available clusters (66% in use at peak). The > > packet filter table shows 600 packets per second around the time that it > > fails. CPU usage is very low with plenty of ram available. > > > > Has anyone heard anything about any worms or DOS attacks happening which > > might account for this? The problems predominantly happen late evening > or > > in the middle of the night. > > > > Thanks, > > > > Dave
