DDoS Attack Log Analysis Question
mdounin at mdounin.ru
Sat Oct 10 14:00:47 MSD 2009
On Fri, Oct 09, 2009 at 07:40:57PM -0400, Jim Ohlstein wrote:
> The nginx forum had a DDoS attack which took the site down this
> morning. In approximately 23 seconds there were just under 900,000
> lines in the error log that looked like:
> 2009/10/09 10:21:38 [alert] 32576#0: accept() failed (24: Too many
> open files)
> First question is do each of these entries represent an attempted
No. This is configuration issue lead to infinite loop which can't
be resolved until more files can be opened.
Since this looks like common configuration issue, probably we need
some accept pause in such situations...
More information about the nginx