Hi,
One of my servers running 2.4.1 was attacked earlier today. I have a strong
feeling it went down because the kernel was logging too many messages to
syslog. There's over 100,000 lines of the following in my syslog:
Feb 23 12:28:25 omega kernel: UDP: bad checksum. From 202.96.140.146:20567
to 21
6.115.239.40:113 ulen 1472
Feb 23 12:28:25 omega kernel: UDP: bad checksum. From 209.249.213.145:36338
to 2
16.115.239.40:113 ulen 1472
Feb 23 12:28:25 omega kernel: UDP: bad checksum. From 194.225.45.233:33762
to 21
6.115.239.40:113 ulen 1472
Feb 23 12:28:25 omega kernel: UDP: bad checksum. From 211.54.39.161:14958 to
216
.115.239.40:113 ulen 1472
Feb 23 12:28:25 omega kernel: UDP: bad checksum. From 202.96.140.167:3467 to
216
.115.239.40:113 ulen 1472
How do I suppress these types of messages from hogging up all the CPU?
Thanks,
Vibol Hou
I have an MRTG chart of what happened during the attack and have attached
it. Does anyone know why the bandwidth going OUT spiked up so high and just
cratered? Green is incoming, blue is outgoing.
Thanks,
Vibol Hou
-----Original Message-----
From: [email protected]
[mailto:[email protected]]On Behalf Of Vibol Hou
Sent: Friday, February 23, 2001 3:22 PM
To: Linux-Kernel
Subject: UDP attack? How to suppress kernel msgs?
Hi,
One of my servers running 2.4.1 was attacked earlier today. I have a strong
feeling it went down because the kernel was logging too many messages to
syslog. There's over 100,000 lines of the following in my syslog:
Feb 23 12:28:25 omega kernel: UDP: bad checksum. From 202.96.140.146:20567
to 21
6.115.239.40:113 ulen 1472
Feb 23 12:28:25 omega kernel: UDP: bad checksum. From 209.249.213.145:36338
to 2
16.115.239.40:113 ulen 1472
Feb 23 12:28:25 omega kernel: UDP: bad checksum. From 194.225.45.233:33762
to 21
6.115.239.40:113 ulen 1472
Feb 23 12:28:25 omega kernel: UDP: bad checksum. From 211.54.39.161:14958 to
216
.115.239.40:113 ulen 1472
Feb 23 12:28:25 omega kernel: UDP: bad checksum. From 202.96.140.167:3467 to
216
.115.239.40:113 ulen 1472
How do I suppress these types of messages from hogging up all the CPU?
Thanks,
Vibol Hou
This should fix your problem:
--- include/net/sock.h.~1~ Thu Feb 22 21:12:12 2001
+++ include/net/sock.h Sun Feb 25 21:26:16 2001
@@ -1279,7 +1279,7 @@
* Enable debug/info messages
*/
-#if 0
+#if 1
#define NETDEBUG(x) do { } while (0)
#else
#define NETDEBUG(x) do { x; } while (0)