On Mon, 1 Jun 2026, Bill Cole wrote:
On 2026-06-01 at 08:23:48 UTC-0400 (Mon, 01 Jun 2026 08:23:48 -0400)
Bill Cole <[email protected]>
is rumored to have said:
On 2026-05-31 at 19:36:44 UTC-0400 (Sun, 31 May 2026 16:36:44 -0700 (PDT))
John Hardin <[email protected]>
is rumored to have said:
On Sat, 30 May 2026, Bill Cole wrote:
I decided to count how often the system on sa-vm has been getting so
busy it kills processes:
Is this a contributor to the bursts of failed DNS lookups?
Yes, it is the root cause of failures. Everything gets so backed up with
the system trying to make every last bit of RAM available, that a DNS
lookup can get swapped out for minutes, during which it times out. The
same goes for everything else on the system; every process is stalled for
so long that they time out without having any real run time.
As an example, for the past hour I've been trying to get a ssh link up to
sa-vm, and cannot. I'm competing with untold hordes of DDoSers for enough RAM
to start a working TCP session.
Sigh.
A long-term mitigation for this would be to divorce the ruleqa web UI from
the ruleqa rescoring backend, which does not need any public-facing attach
surface beyond SSH and RSync. Then a DDoS of the website wouldn't be able
to take down the scoring and rule generation processes.
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
[email protected] pgpk -a [email protected]
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
Collectivism: forever just one more execution away from Paradise.
-----------------------------------------------------------------------
5 days until the 82nd anniversary of D-Day
