UDP attack? How to suppress kernel msgs?

UDP attack? How to suppress kernel msgs?

[Vibol Hou]

Hi,

One of my servers running 2.4.1 was attacked earlier today.  I have a strong
feeling it went down because the kernel was logging too many messages to
syslog.  There's over 100,000 lines of the following in my syslog:

Feb 23 12:28:25 omega kernel: UDP: bad checksum. From 202.96.140.146:20567
to 21
6.115.239.40:113 ulen 1472
Feb 23 12:28:25 omega kernel: UDP: bad checksum. From 209.249.213.145:36338
to 2
16.115.239.40:113 ulen 1472
Feb 23 12:28:25 omega kernel: UDP: bad checksum. From 194.225.45.233:33762
to 21
6.115.239.40:113 ulen 1472
Feb 23 12:28:25 omega kernel: UDP: bad checksum. From 211.54.39.161:14958 to
216
.115.239.40:113 ulen 1472
Feb 23 12:28:25 omega kernel: UDP: bad checksum. From 202.96.140.167:3467 to
216
.115.239.40:113 ulen 1472

How do I suppress these types of messages from hogging up all the CPU?

Thanks,
Vibol Hou

RE: UDP attack? How to suppress kernel msgs?

[Vibol Hou]

[-- Attachment #1: Type: text/plain, Size: 1560 bytes --]

I have an MRTG chart of what happened during the attack and have attached
it.  Does anyone know why the bandwidth going OUT spiked up so high and just
cratered?  Green is incoming, blue is outgoing.

Thanks,
Vibol Hou

-----Original Message-----
From: linux-kernel-owner@vger.kernel.org
[mailto:linux-kernel-owner@vger.kernel.org]On Behalf Of Vibol Hou
Sent: Friday, February 23, 2001 3:22 PM
To: Linux-Kernel
Subject: UDP attack? How to suppress kernel msgs?


Hi,

One of my servers running 2.4.1 was attacked earlier today.  I have a strong
feeling it went down because the kernel was logging too many messages to
syslog.  There's over 100,000 lines of the following in my syslog:

Feb 23 12:28:25 omega kernel: UDP: bad checksum. From 202.96.140.146:20567
to 21
6.115.239.40:113 ulen 1472
Feb 23 12:28:25 omega kernel: UDP: bad checksum. From 209.249.213.145:36338
to 2
16.115.239.40:113 ulen 1472
Feb 23 12:28:25 omega kernel: UDP: bad checksum. From 194.225.45.233:33762
to 21
6.115.239.40:113 ulen 1472
Feb 23 12:28:25 omega kernel: UDP: bad checksum. From 211.54.39.161:14958 to
216
.115.239.40:113 ulen 1472
Feb 23 12:28:25 omega kernel: UDP: bad checksum. From 202.96.140.167:3467 to
216
.115.239.40:113 ulen 1472

How do I suppress these types of messages from hogging up all the CPU?

Thanks,
Vibol Hou

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

[-- Attachment #2: khmerconnection.com-day[1].png --]
[-- Type: application/octet-stream, Size: 3272 bytes --]

RE: UDP attack? How to suppress kernel msgs?

[David S. Miller]

This should fix your problem:

--- include/net/sock.h.~1~	Thu Feb 22 21:12:12 2001
+++ include/net/sock.h	Sun Feb 25 21:26:16 2001
@@ -1279,7 +1279,7 @@
  *	Enable debug/info messages 
  */
 
-#if 0
+#if 1
 #define NETDEBUG(x)	do { } while (0)
 #else
 #define NETDEBUG(x)	do { x; } while (0)