Welcome! Log In Create A New Profile

Re: DDoS Attack Log Analysis Question

Forum List Message List New Topic Print View

Jim Ohlstein

October 10, 2009 10:18AM

Admin
Registered: 15 years ago
Posts: 574

Maxim Dounin wrote:
> Hello!
>
> On Fri, Oct 09, 2009 at 07:40:57PM -0400, Jim Ohlstein wrote:
>
>> The nginx forum had a DDoS attack which took the site down this
>> morning. In approximately 23 seconds there were just under 900,000
>> lines in the error log that looked like:
>>
>> 2009/10/09 10:21:38 [alert] 32576#0: accept() failed (24: Too many
>> open files)
>>
>> First question is do each of these entries represent an attempted
>> connection?
>
> No. This is configuration issue lead to infinite loop which can't
> be resolved until more files can be opened.

Thank you. I found it hard to imagine that there were that many requests
in such a small period directed at such a small site.

>
> Since this looks like common configuration issue, probably we need
> some accept pause in such situations...
>
> Maxim Dounin
>

--
Jim Ohlstein

Reply Quote

RSS

Subject	Author	Posted
DDoS Attack Log Analysis Question	Jim Ohlstein	October 09, 2009 07:48PM
Re: DDoS Attack Log Analysis Question	Payam Chychi	October 09, 2009 09:34PM
Re: DDoS Attack Log Analysis Question	Jim Ohlstein	October 09, 2009 10:50PM
Re: DDoS Attack Log Analysis Question	Chris Zimmerman	October 09, 2009 11:06PM
Re: DDoS Attack Log Analysis Question	Glen Lumanau	October 09, 2009 11:16PM
Re: DDoS Attack Log Analysis Question	Jim Ohlstein	October 09, 2009 11:48PM
Re: DDoS Attack Log Analysis Question	Maxim Dounin	October 10, 2009 06:10AM
Re: DDoS Attack Log Analysis Question	Jim Ohlstein	October 10, 2009 10:18AM

Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 178

Record Number of Users: 8 on April 13, 2023

Record Number of Guests: 421 on December 02, 2018