Argus 2.0.1-beta1, crash under DoS, observations.
Chris Newton
newton at unb.ca
Mon Apr 9 16:08:56 EDT 2001
Hi folks. Had one of my signature DoS attacks today, and, running the 2.0.1
beta 1 code, I got an oops. Argus spit out lots of:
argus[16464]: ArgusWriteOutSocket(0x8144e30) Queue Exceeded Maximum Limit
argus[16464]: ArgusWriteOutSocket(0x8144e30) Queue Exceeded Maximum Limit
argus[16464]: ArgusWriteOutSocket(0x8144e30) Queue Exceeded Maximum Limit
argus[16464]: ArgusWriteOutSocket(0x8144e30) Queue Exceeded Maximum Limit
argus[16464]: ArgusWriteOutSocket(0x8144e30) Queue Exceeded Maximum Limit
argus[16464]: ArgusWriteOutSocket(0x8144e30) Queue Exceeded Maximum Limit
argus[16464]: ArgusWriteOutSocket(0x8144e30) Queue Exceeded Maximum Limit
argus[16464]: ArgusWriteOutSocket(0x8144e30) Queue Exceeded Maximum Limit
argus[16464]: ArgusWriteOutSocket(0x8144e30) Queue Count 12319
It died at one point, but I have a script to immediately restart it...
Also got (among other messages like the above) in /var/log/messages:
Apr 9 16:41:20 epic argus[1809]: ArgusWriteOutSocket Failed to Multiplexor. Shutting Down
The one thing I noticed was that, even on my PIII 667 single CPU box, during
this attack, argus only seemed to use about 12-15% of the CPU. Never did I
see it really do any heavy work (I don't believe, unless I missed it). It
did, however, use lots of memory (used 85% of the box's physical memory).
Chris
_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/
Chris Newton, Systems Analyst
Computing Services, University of New Brunswick
newton at unb.ca 506-447-3212(voice) 506-453-3590(fax)