
RE: [cobalt-users] [RaQ4] stops responding on all but ping



Hi,

Some additional info from the kernel log:

Oct 21 06:15:40 ww3 kernel: kmem_free: Bad obj addr (objp=c07324a0, name=size-256)
Oct 21 06:15:40 ww3 kernel: Unable to handle kernel NULL pointer dereference at virtual address 00000000
Oct 21 06:15:40 ww3 kernel: current->tss.cr3 = 00870000, %%cr3 = 00870000
Oct 21 06:15:40 ww3 kernel: *pde = 00000000
Oct 21 06:15:40 ww3 kernel: Oops: 0002
Oct 21 06:15:40 ww3 kernel: CPU:    0
Oct 21 06:15:40 ww3 kernel: EIP:    0010:[kfree+377/424]
Oct 21 06:15:40 ww3 kernel: EFLAGS: 00010202
Oct 21 06:15:40 ww3 kernel: eax: 0000003a   ebx: c7fff1a0   ecx: 00000003   edx: 00000038
Oct 21 06:15:40 ww3 kernel: esi: c07324a0   edi: 00000202   ebp: c203d380   esp: c086fe30
Oct 21 06:15:40 ww3 kernel: ds: 0018   es: 0018   ss: 0018
Oct 21 06:15:40 ww3 kernel: Process httpd (pid: 2002, process nr: 41, stackpage=c086f000)
Oct 21 06:15:40 ww3 kernel: Stack: c086fe80 c68b2c80 c07325bc c07324a0 c881bfd3 c07324a0 c07324a0 00000000
Oct 21 06:15:41 ww3 kernel:        c881be90 c07324a0 c07324a0 0000078a c086ff74 c01a1a7c c4b94e6c c086fe80
Oct 21 06:15:41 ww3 kernel:        c086e000 c086fe78 c086e000 ffffffff 00000000 c68b2c80 00000001 00000000
Oct 21 06:15:41 ww3 kernel: Call Trace: [eepro100:eepro100_init+-16605/14585] [eepro100:eepro100_init+-16928/14585] [bw_sock_sendmsg+0/56] [<c8832000>] [bw_sock_sendmsg+48/56] [sock_sendmsg+136/172] [bw_sock_sendmsg+0/56]
Oct 21 06:15:41 ww3 kernel:        [sock_write+146/156] [<c8832000>] [sys_write+219/256] [sock_write+0/156] [system_call+52/56]
Oct 21 06:15:41 ww3 kernel: Code: c7 05 00 00 00 00 00 00 00 00 eb 1b 8d 76 00 56 68 a2 c5 1f
Oct 21 07:17:51 ww3 kernel: VM: do_try_to_free_pages failed for httpd...
Oct 21 07:20:11 ww3 kernel: VM: do_try_to_free_pages failed for httpd...
Oct 21 07:26:02 ww3 kernel: VM: do_try_to_free_pages failed for httpd...

Hope this might help to find the real reason, or is it just lack of memory?

regards

Erik Venema
DutchNet

-----Original Message-----
From: cobalt-users-admin@xxxxxxxxxxxxxxx
[mailto:cobalt-users-admin@xxxxxxxxxxxxxxx]On Behalf Of flash22@xxxxxxx
Sent: Saturday, 20 October 2001 22:23
To: cobalt-users@xxxxxxxxxxxxxxx
Subject: Re: [cobalt-users] [RaQ4] stops responding on all but ping


On Thu, 20 Oct 1988, Gerald Waugh wrote:

> > Oct 14 12:58:58 ww3 kernel: Suspect TCP fragment.
> > Oct 14 12:58:58 ww3 kernel: eth0 PROTO=6 218.122.122.1:0 193.xxx.xxx.xxx:0
> This just might be a bad packet coming in?

Nope, it's a DOS attack...from the kernel code itself:

        /*
         *      Don't allow a fragment of TCP 8 bytes in. Nobody
         *      normal causes this. Its a cracker trying to break
         *      in by doing a flag overwrite to pass the direction
         *      checks.
         */

        if (offset == 1 && ip->protocol == IPPROTO_TCP) {
                if (!testing && net_ratelimit()) {
                        printk("Suspect TCP fragment.\n");

Someone is sending bogus packets to try to exhaust kernel memory and kill
the server, firewall time :)

gsh
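
The fragment test quoted from the kernel source above, applied to a raw IPv4 header in user space. This is an added example, not part of the original thread and not the kernel's own code; check_ipv4_fragment, make_header and the verdict names are hypothetical, and the sample headers are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Verdict names are hypothetical, chosen for this example. */
enum frag_verdict { PKT_MALFORMED = -1, PKT_OK = 0, PKT_SUSPECT_TCP_FRAGMENT = 1 };

#define IP_OFFSET_MASK 0x1FFF   /* low 13 bits of the flags/offset word */
#define PROTO_TCP      6

/* Apply the "offset == 1 and TCP" test from the quoted kernel code to a raw IPv4 header. */
enum frag_verdict check_ipv4_fragment(const uint8_t *pkt, size_t len)
{
    if (pkt == NULL || len < 20 || (pkt[0] >> 4) != 4)
        return PKT_MALFORMED;
    size_t ihl = (size_t)(pkt[0] & 0x0F) * 4;      /* header length in bytes */
    if (ihl < 20 || ihl > len)
        return PKT_MALFORMED;
    /* Bytes 6-7 hold 3 flag bits followed by the fragment offset in 8-byte units. */
    uint16_t offset = (uint16_t)(((pkt[6] << 8) | pkt[7]) & IP_OFFSET_MASK);
    /* Offset 1 puts this fragment's data at byte 8 of the TCP header, so
     * reassembly would let it replace the flags byte (byte 13). */
    if (offset == 1 && pkt[9] == PROTO_TCP)
        return PKT_SUSPECT_TCP_FRAGMENT;
    return PKT_OK;
}

/* Build a constructed 20-byte header (documentation addresses, checksum left zero). */
void make_header(uint8_t out[20], uint16_t frag_word, uint8_t proto)
{
    static const uint8_t base[20] = { 0x45, 0, 0, 20, 0x12, 0x34, 0, 0, 64, 0, 0, 0,
                                      192, 0, 2, 1, 198, 51, 100, 7 };
    memcpy(out, base, sizeof base);
    out[6] = (uint8_t)(frag_word >> 8);
    out[7] = (uint8_t)(frag_word & 0xFF);
    out[9] = proto;
}

int main(void)
{
    uint8_t h[20];
    make_header(h, 0x4000, PROTO_TCP);   /* DF set, offset 0: ordinary segment */
    printf("unfragmented TCP: %d\n", (int)check_ipv4_fragment(h, sizeof h));
    make_header(h, 0x0001, PROTO_TCP);   /* offset 1: the case the kernel logs */
    printf("TCP, offset 1:    %d\n", (int)check_ipv4_fragment(h, sizeof h));
    return 0;
}
```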

