Welcome! Log In Create A New Profile

Re: DDoS Attack Log Analysis Question

Forum List Message List New Topic Print View

Maxim Dounin

October 10, 2009 06:10AM

Hello!

On Fri, Oct 09, 2009 at 07:40:57PM -0400, Jim Ohlstein wrote:

> The nginx forum had a DDoS attack which took the site down this
> morning. In approximately 23 seconds there were just under 900,000
> lines in the error log that looked like:
>
> 2009/10/09 10:21:38 [alert] 32576#0: accept() failed (24: Too many
> open files)
>
> First question is do each of these entries represent an attempted
> connection?

No. This is configuration issue lead to infinite loop which can't
be resolved until more files can be opened.

Since this looks like common configuration issue, probably we need
some accept pause in such situations...

Maxim Dounin

Reply Quote

RSS

Subject	Author	Posted
DDoS Attack Log Analysis Question	Jim Ohlstein	October 09, 2009 07:48PM
Re: DDoS Attack Log Analysis Question	Payam Chychi	October 09, 2009 09:34PM
Re: DDoS Attack Log Analysis Question	Jim Ohlstein	October 09, 2009 10:50PM
Re: DDoS Attack Log Analysis Question	Chris Zimmerman	October 09, 2009 11:06PM
Re: DDoS Attack Log Analysis Question	Glen Lumanau	October 09, 2009 11:16PM
Re: DDoS Attack Log Analysis Question	Jim Ohlstein	October 09, 2009 11:48PM
Re: DDoS Attack Log Analysis Question	Maxim Dounin	October 10, 2009 06:10AM
Re: DDoS Attack Log Analysis Question	Jim Ohlstein	October 10, 2009 10:18AM

Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 203

Record Number of Users: 8 on April 13, 2023

Record Number of Guests: 421 on December 02, 2018