From: "Denys Fedoryshchenko" <denys@visp.net.lb>
To: netdev@vger.kernel.org
Subject: DoS by cat /proc/net/ip_conntrack ?
Date: Thu, 6 Mar 2008 15:43:23 +0200
Message-ID: <20080306134037.M70019@visp.net.lb>

Hi again

On a loaded router:
net.netfilter.nf_conntrack_count = 415633
passing about 100-150 Mbps
network cards 3xe100, 1xe1000e

I tried to issue the command cat /proc/net/ip_conntrack | grep 'something'

Router went dead for about 2 minutes, even after I disconnected the ssh session.
Ping looked like this:
64 bytes from dotfib (10.184.184.1): icmp_seq=15 ttl=61 time=4321 ms
64 bytes from dotfib (10.184.184.1): icmp_seq=50 ttl=61 time=398 ms
64 bytes from dotfib (10.184.184.1): icmp_seq=122 ttl=61 time=15.3 ms
64 bytes from dotfib (10.184.184.1): icmp_seq=142 ttl=61 time=4452 ms
64 bytes from dotfib (10.184.184.1): icmp_seq=180 ttl=61 time=850 ms
(system recovered)
64 bytes from dotfib (10.184.184.1): icmp_seq=182 ttl=61 time=0.681 ms
64 bytes from dotfib (10.184.184.1): icmp_seq=183 ttl=61 time=0.936 ms
64 bytes from dotfib (10.184.184.1): icmp_seq=184 ttl=61 time=2.94 ms

I don't think it is normal, and such a command is taking a lot of system
resources and causes the whole system to hang.

Kernel 2.6.24.2

--
Denys Fedoryshchenko
Technical Manager
Virtual ISP S.A.L.


Thread overview: 7+ messages
2008-03-06 13:43 Denys Fedoryshchenko [this message]
2008-03-06 13:51 ` DoS by cat /proc/net/ip_conntrack ? Krzysztof Oledzki
2008-03-08 12:26   ` Jarek Poplawski
2008-03-08 12:33     ` Jarek Poplawski
2008-03-08 14:24       ` Denys Fedoryshchenko
2008-03-08 14:44         ` Jarek Poplawski
2008-03-08 15:18           ` Patrick McHardy
