Re: SYN flooding on port 80 + DMAR:[DMA Write] faults

2016-03-13 Thread Toralf Förster
Francois Romieu:
> Toralf Förster:
>> Today my server (64 bit hardened Gentoo kernel) faced a SYN-flood attack.
>> I do wonder if the DMAR events point to an issue in the kernel?
> 
> Please send a compressed log including all 'fault addr' lines as well
> as the (module probe time) XID line from the r8169 driver.




-- 
Toralf
PGP: C4EACDDE 0076E94E, OTR: 420E74C8 30246EE7


kern.log.gz
Description: application/gzip


syn.log.gz
Description: application/gzip


Re: SYN flooding on port 80 + DMAR:[DMA Write] faults

2016-03-12 Thread Francois Romieu
Toralf Förster:
> Today my server (64 bit hardened Gentoo kernel) faced a SYN-flood attack.
> I do wonder if the DMAR events point to an issue in the kernel?

Please send a compressed log including all 'fault addr' lines as well
as the (module probe time) XID line from the r8169 driver.

-- 
Ueimor
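
One way to pull out what the request above asks for (the 'fault addr' entries and the r8169 XID line) from a kernel log that has been hard-wrapped in mail. This is an added example, not code from the thread or from the r8169 driver; the function names are hypothetical and the XID line in the sample is a constructed placeholder.

```python
import re
from collections import defaultdict

# Constructed input: DMAR entries copied (still hard-wrapped) from the log in this
# thread; the XID line is a placeholder with made-up values, not from the thread.
SAMPLE = """\
Mar 12 00:00:00 ms-magpie kernel: [    0.000000] r8169 0000:03:00.0 eth0:
CHIP-PLACEHOLDER at 0x0, 00:00:00:00:00:00, XID 00000000 IRQ 0
Mar 12 22:01:05 ms-magpie kernel: [99837.518277] DMAR: DMAR:[DMA Write] Request
device [03:00.0] fault addr ffbfb000
Mar 12 22:01:05 ms-magpie kernel: [99837.518277] DMAR:[fault reason 05] PTE
Write access is not set
Mar 12 22:01:05 ms-magpie kernel: [99837.523144] DMAR: DMAR:[DMA Write] Request
device [03:00.0] fault addr ffbf8000
Mar 12 22:01:05 ms-magpie kernel: [99837.523144] DMAR:[fault reason 05] PTE
Write access is not set
Mar 12 22:01:05 ms-magpie kernel: [99837.523221] DMAR: DRHD: handling
"""

STAMP = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ")
FAULT = re.compile(r"DMAR:\[DMA (\w+)\] Request device \[([\w:.]+)\] fault addr ([0-9a-f]+)")
REASON = re.compile(r"DMAR:\[fault reason (\d+)\] (.+)")

def unwrap(text):
    """Rejoin syslog entries that were wrapped onto continuation lines."""
    entries = []
    for line in text.splitlines():
        if STAMP.match(line) or not entries:
            entries.append(line.rstrip())
        elif line.strip():
            entries[-1] += " " + line.strip()
    return entries

def triage(text):
    """Return (xid_lines, faults); faults maps (device, op, reason) -> addresses."""
    xid_lines, faults, pending = [], defaultdict(list), None
    def flush(reason="reason line missing"):
        if pending:                      # a fault entry still waiting for its reason
            op, dev, addr = pending
            faults[(dev, op, reason)].append(addr)
    for entry in unwrap(text):
        if "r8169" in entry and "XID" in entry:
            xid_lines.append(entry)
        elif (m := FAULT.search(entry)):
            flush()                      # previous fault never got a reason line
            pending = m.groups()
        elif (m := REASON.search(entry)):
            flush(f"{m[1]} {m[2]}")
            pending = None
    flush()                              # log may be cut off after a fault entry
    return xid_lines, dict(faults)
```

Calling `triage()` on the full text of kern.log gives one list of faulting DMA addresses per device, direction and fault reason, which shows at a glance whether all faults come from the NIC at 03:00.0.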


SYN flooding on port 80 + DMAR:[DMA Write] faults

2016-03-12 Thread Toralf Förster
Today my server (64 bit hardened Gentoo kernel) faced a SYN-flood attack.
I do wonder if the DMAR events point to an issue in the kernel?


Mar 12 21:56:51 ms-magpie kernel: [99582.831584] TCP: request_sock_TCP: Possible SYN flooding on port 80. Sending cookies.  Check SNMP counters.
Mar 12 21:57:17 ms-magpie kernel: [99609.502567] [ cut here ]
Mar 12 21:57:17 ms-magpie kernel: [99609.502575] WARNING: CPU: 2 PID: 18218 at net/sched/sch_generic.c:303 dev_watchdog+0x235/0x240()
Mar 12 21:57:17 ms-magpie kernel: [99609.502577] NETDEV WATCHDOG: enp3s0 (r8169): transmit queue 0 timed out
Mar 12 21:57:17 ms-magpie kernel: [99609.502578] Modules linked in: af_packet nf_log_ipv6 nf_conntrack_ipv6 nf_defrag_ipv6 ip6table_filter ip6_tables nf_log_ipv4 nf_log_common xt_LOG xt_multiport nf_conntrack_ipv4 nf_defrag_ipv4 xt_conntrack nf_conntrack iptable_filter ip_tables hmac drbg tpm_tis tpm thermal processor atkbd i2c_i801 i2c_core button x86_pkg_temp_thermal
Mar 12 21:57:17 ms-magpie kernel: [99609.502601] CPU: 2 PID: 18218 Comm: cc1plus Not tainted 4.4.5-hardened #1
Mar 12 21:57:17 ms-magpie kernel: [99609.502603] Hardware name: System manufacturer System Product Name/P8H77-M PRO, BIOS 0922 09/10/2012
Mar 12 21:57:17 ms-magpie kernel: [99609.502605]  8b20482b 0286  88041fa83d98
Mar 12 21:57:17 ms-magpie kernel: [99609.502608]  8aad5247 0007 88041fa83de0 8afb6257
Mar 12 21:57:17 ms-magpie kernel: [99609.502611]  88041fa83dd0 8a879e8c 8afb6257 012f
Mar 12 21:57:17 ms-magpie kernel: [99609.502614] Call Trace:
Mar 12 21:57:17 ms-magpie kernel: [99609.502616][] dump_stack+0x4e/0x77
Mar 12 21:57:17 ms-magpie kernel: [99609.502625]  [] warn_slowpath_common+0x7c/0xc0
Mar 12 21:57:17 ms-magpie kernel: [99609.502627]  [] warn_slowpath_fmt+0x5b/0x70
Mar 12 21:57:17 ms-magpie kernel: [99609.502631]  [] ? __update_cpu_load+0xe3/0x140
Mar 12 21:57:17 ms-magpie kernel: [99609.502634]  [] dev_watchdog+0x235/0x240
Mar 12 21:57:17 ms-magpie kernel: [99609.502637]  [] ? dev_deactivate_queue+0x70/0x70
Mar 12 21:57:17 ms-magpie kernel: [99609.502640]  [] call_timer_fn.isra.24+0x2e/0x90
Mar 12 21:57:17 ms-magpie kernel: [99609.502643]  [] ? dev_deactivate_queue+0x70/0x70
Mar 12 21:57:17 ms-magpie kernel: [99609.502645]  [] run_timer_softirq+0x224/0x3b0
Mar 12 21:57:17 ms-magpie kernel: [99609.502649]  [] ? clockevents_program_event+0x7f/0x120
Mar 12 21:57:17 ms-magpie kernel: [99609.502652]  [] __do_softirq+0xef/0x1e0
Mar 12 21:57:17 ms-magpie kernel: [99609.502654]  [] irq_exit+0x80/0x90
Mar 12 21:57:17 ms-magpie kernel: [99609.502657]  [] smp_apic_timer_interrupt+0x4f/0x70
Mar 12 21:57:17 ms-magpie kernel: [99609.502662]  [] apic_timer_interrupt+0x8b/0x90
Mar 12 21:57:17 ms-magpie kernel: [99609.502663]
Mar 12 21:57:17 ms-magpie kernel: [99609.502665] ---[ end trace 10603242d3d9404d ]---
Mar 12 21:57:17 ms-magpie kernel: [99609.519275] r8169 :03:00.0 enp3s0: link up
Mar 12 21:57:29 ms-magpie kernel: [99621.522005] r8169 :03:00.0 enp3s0: link up
Mar 12 21:57:41 ms-magpie kernel: [99633.518745] r8169 :03:00.0 enp3s0: link up
Mar 12 21:57:53 ms-magpie kernel: [99645.514461] r8169 :03:00.0 enp3s0: link up
Mar 12 21:58:05 ms-magpie kernel: [99657.525221] r8169 :03:00.0 enp3s0: link up
Mar 12 21:58:17 ms-magpie kernel: [99669.519938] r8169 :03:00.0 enp3s0: link up
Mar 12 21:58:35 ms-magpie kernel: [99687.513517] r8169 :03:00.0 enp3s0: link up
Mar 12 21:58:47 ms-magpie kernel: [99699.518283] r8169 :03:00.0 enp3s0: link up
Mar 12 21:58:59 ms-magpie kernel: [99711.512010] r8169 :03:00.0 enp3s0: link up
Mar 12 22:00:41 ms-magpie kernel: [99813.511713] r8169 :03:00.0 enp3s0: link up
Mar 12 22:00:53 ms-magpie kernel: [99825.510459] r8169 :03:00.0 enp3s0: link up
Mar 12 22:01:05 ms-magpie kernel: [99837.508171] r8169 :03:00.0 enp3s0: link up
Mar 12 22:01:05 ms-magpie kernel: [99837.518271] DMAR: DRHD: handling fault status reg 3
Mar 12 22:01:05 ms-magpie kernel: [99837.518277] DMAR: DMAR:[DMA Write] Request device [03:00.0] fault addr ffbfb000
Mar 12 22:01:05 ms-magpie kernel: [99837.518277] DMAR:[fault reason 05] PTE Write access is not set
Mar 12 22:01:05 ms-magpie kernel: [99837.523139] DMAR: DRHD: handling fault status reg 3
Mar 12 22:01:05 ms-magpie kernel: [99837.523144] DMAR: DMAR:[DMA Write] Request device [03:00.0] fault addr ffbf8000
Mar 12 22:01:05 ms-magpie kernel: [99837.523144] DMAR:[fault reason 05] PTE Write access is not set
Mar 12 22:01:05 ms-magpie kernel: [99837.523213] DMAR: DRHD: handling fault status reg 3
Mar 12 22:01:05 ms-magpie kernel: [99837.523217] DMAR: DMAR:[DMA Write] Request device [03:00.0] fault addr ffbf5000
Mar 12 22:01:05 ms-magpie kernel: [99837.523217] DMAR:[fault reason 05] PTE Write access is not set
Mar 12 22:01:05 ms-magpie kernel: [99837.523221] DMAR: DRHD: handling