[ previous ] [ next ] [ threads ]
 
 From:  Roberto Greiner <mrgreiner at gmail dot com>
 To:  m0n0wall <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] High CPU -problem
 Date:  Wed, 12 May 2010 10:19:01 -0300 
Hi,

about the CPU problem I´m getting, I saw that on the console I´m getting 
quite a lot of the following messages:
  Limiting open port RST response from x to 200 packets/sec

with x ranging from 200 to 300.

Now, as far as I understand, this could mean someone is portscanning my 
server, or something of the nature. I intend to put a sniffer on my 
network to sort out where those packets are coming from, but my server 
has an average traffic that floats between 5 and 30Mbps, so it would be 
essential to filter out exactly the correct packets. So, could someone 
appoint me what I should look for in the packets? SYN activated? RST 
activated? In what combination?

Thanks,

Roberto


On 11/05/2010 11:43, Roberto Greiner wrote:
> On 11/05/2010 09:05, Xavier Beaudouin wrote:
>> Hi there,
>>
>> Le 10 mai 2010 à 23:42, Roberto Greiner a écrit :
>>
>>> On 10/05/2010 18:40, Roberto Greiner wrote:
>>>> On 10/05/2010 18:30, Manuel Kasper wrote:
>>>>> On 10.05.2010, at 23:21, Roberto Greiner wrote:
>>>>>
>>>>>> It´s a Virtual Machine inside a Core II Duo 3Ghz, with 768MB. The 
>>>>>> throughput is in the range of 10Mbps in, 3-5Mbps out.
>>>>> OK... what kind of virtualization solution? If it's VMware, then 
>>>>> make sure that you're using the e1000 NIC emulation (should appear 
>>>>> as emX device in m0n0wall, rather than lncX). This can be achieved 
>>>>> by adding ethernetX.virtualDev = "e1000" to the .vmx file.
>>>>>
>>>>> I haven't tested any other virtualization solutions, but using 
>>>>> VMware + e1000 on that hardware, you should easily be able to push 
>>>>> well over 100 Mbps through your m0n0wall VM.
>>>>>
>>>> No, we are using Xen Citrix Server, version 5.5. I can´t say what 
>>>> the server does present exactly to the virtual machine, but 
>>>> Monowall identifies it 're0' (probably realtek).
>>> Ops, rechecked it: It´s appearing as a Realtek 8139C.
>> I don't use Xen Citrix Server, but on some Xen implementation you can 
>> have... e1000 as well...
>>
>> Xavier
> No, I just got an answer on the Citrix mail list, and in full 
> virtualization the host will always be presented with a Realtek 
> interface. One way to change that would be trying open source Xen, and 
> that would require changes to the source code. Other way would be 
> going to paravirtualization. I´m not sure about the viability of that, 
> but will investigate.
>
> The main problem is that i´m not sure that the interface emulation is 
> really the problem. Is there any way to verify that?
>
> Tks,
>
> Roberto
>
>
>


-- 
   -----------------------------------------------------
                 Marcos Roberto Greiner

    Os otimistas acham que estamos no melhor dos mundos
     Os pessimistas tem medo de que isto seja verdade
                                   James Branch Cabell
   -----------------------------------------------------