DDoS Attack Log Analysis Question
Maxim Dounin
mdounin at mdounin.ru
Sat Oct 10 14:00:47 MSD 2009
Hello!
On Fri, Oct 09, 2009 at 07:40:57PM -0400, Jim Ohlstein wrote:
> The nginx forum had a DDoS attack which took the site down this
> morning. In approximately 23 seconds there were just under 900,000
> lines in the error log that looked like:
>
> 2009/10/09 10:21:38 [alert] 32576#0: accept() failed (24: Too many
> open files)
>
> First question is do each of these entries represent an attempted
> connection?
No. This is configuration issue lead to infinite loop which can't
be resolved until more files can be opened.
Since this looks like common configuration issue, probably we need
some accept pause in such situations...
Maxim Dounin
More information about the nginx
mailing list