LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - General
User Name
Password
Linux - General This Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.

Notices

Reply
 
Search this Thread
Old 07-24-2008, 10:19 AM   #1
vbsaltydog
Member
 
Registered: Nov 2005
Distribution: CentOS
Posts: 141

Rep: Reputation: 15
Troubleshooting Denial of Service


I have a Centos 4.4 server that is a standard LAMP server and as of recently I have had the server deny all services in the mornings but not every morning consistently. When I look at the physical server, the nic card light does blink but no so much that it is out of the ordinary, the hard disk activity light blinks too but is not solid or excessive, the server seems to be up but it denies every incoming connection other than ping requests. No dns, web, or even SSH

I thought it must be a cron job hogging system resources so I analyzed the cron log and the cron tasks seem to be running properyl even when the server is non responsive to inbound services. I ran every scheduled cron job and non of them bring the server down.

I have looked at the server logs but there is too much info to figure out what could be the problem and what couldn't. Is there a specific type of logging that I need to set or other method that I can use to see what is bringing my server down at night?


BTW, a simple hard reboot solves the problem until the next night/morning.

Your help is appreciated.
 
Old 07-24-2008, 11:10 AM   #2
trickykid
Guru
 
Registered: Jan 2001
Posts: 24,133

Rep: Reputation: 199Reputation: 199
Don't rely on lights on a NIC card. I'm assuming this server is accessible to the outside world, what happens when you can't reach it if you try to pull up one of the services locally if possible?
 
Old 07-24-2008, 11:15 AM   #3
vbsaltydog
Member
 
Registered: Nov 2005
Distribution: CentOS
Posts: 141

Original Poster
Rep: Reputation: 15
I am on the same local subnet as the server and I cant access it from the LAN either so its not a router/firewall issue. I just setup service monitoring on the ssh service (on of the inaccessible services) so that I will be emailed and the server will reboot if SSH goes down. It won't tell me why the services are failing but at least it will keep my server up and hopefully I will have something in my syslog just before the reboot that tells me something about why SSH crashed.

Any other advise is welcome.
 
Old 07-25-2008, 12:16 AM   #4
chrism01
Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.6, Centos 5.10
Posts: 16,324

Rep: Reputation: 2041Reputation: 2041Reputation: 2041Reputation: 2041Reputation: 2041Reputation: 2041Reputation: 2041Reputation: 2041Reputation: 2041Reputation: 2041Reputation: 2041
http://linux-mm.org/OOM_Killer ?
 
Old 07-25-2008, 12:51 AM   #5
vbsaltydog
Member
 
Registered: Nov 2005
Distribution: CentOS
Posts: 141

Original Poster
Rep: Reputation: 15
Thanks Chris. I gave it a look and it's OK. I think it is a good solution for servers that can only support a small amount of memory compared to the resources required by the services running on the server. If I knew what service(s) were hogging my resources and causing the Dos then I would try to nice them to the lowest priority and see if that fixes it before I move to more drastic measures. Perhaps I can use your idea to log the process that it chooses to terminate if it has logging abilities.

Thanks again.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
how to stop arp Denial of service/flood? 4mix Linux - Networking 4 06-13-2013 04:14 AM
Web Server Crash - Denial of Service inspiredbymetal Linux - Server 3 11-11-2007 06:31 AM
how to disable TCP/IP Denial of Service mayankh Linux - Security 2 10-14-2006 05:01 AM
Denial Of Service Attacks Ozzman Mandriva 13 11-13-2003 01:59 AM
ways to protect against denial of service attacks. sundarrnathan Linux - Security 1 06-01-2003 01:58 PM


All times are GMT -5. The time now is 03:47 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration