DDoS Attack Log Analysis Question
Jim Ohlstein
jim at ohlste.in
Sat Oct 10 18:12:45 MSD 2009
Maxim Dounin wrote:
> Hello!
>
> On Fri, Oct 09, 2009 at 07:40:57PM -0400, Jim Ohlstein wrote:
>
>> The nginx forum had a DDoS attack which took the site down this
>> morning. In approximately 23 seconds there were just under 900,000
>> lines in the error log that looked like:
>>
>> 2009/10/09 10:21:38 [alert] 32576#0: accept() failed (24: Too many
>> open files)
>>
>> First question is do each of these entries represent an attempted
>> connection?
>
> No. This is configuration issue lead to infinite loop which can't
> be resolved until more files can be opened.
Thank you. I found it hard to imagine that there were that many requests
in such a small period directed at such a small site.
>
> Since this looks like common configuration issue, probably we need
> some accept pause in such situations...
>
> Maxim Dounin
>
--
Jim Ohlstein
More information about the nginx
mailing list