Astaro User Bulletin Board
  #1 (permalink)  
Old 02-12-2004, 09:48 AM
Member
 
Join Date: Nov 2003
Posts: 32
Default P4 CPU usage 100%

Now my ASL's CPU usage is 100%; I can't access and manage it. Its kernel log information:
2004-Feb 11 00:01:01 host kernel: TCP Drop: IN=eth3 OUT=eth2 SRC=10.193.19.3 DST=10.193.129.155 LEN=48 TOS=0x00 PREC=0x00 TTL=125 ID=57881 DF PROTO=TCP SPT=3372 DPT=445 WINDOW=16384 RES=0x00 SYN URGP=0
2004-Feb 11 00:01:02 host kernel: TCP Drop: IN=eth3 OUT=eth2 SRC=10.193.19.3 DST=10.193.129.252 LEN=48 TOS=0x00 PREC=0x00 TTL=125 ID=57972 DF PROTO=TCP SPT=3444 DPT=445 WINDOW=16384 RES=0x00 SYN URGP=0
What should I do to make it recover?
  #2 (permalink)  
Old 02-12-2004, 10:14 AM
AJo
Senior Member
 
Join Date: Mar 2002
Location: sweden
Posts: 140
Default Re: P4 CPU usage 100%

Unless enterprise environment and business crucial...

1. Log on from console or via loginuser shell.
2. Disconnect eth3, either physically or by shutting down the interface.
3. If needed, kill the processes with high CPU and/or memory load, or just restart the box.
4. Now analyze your logs and see what suspicious traffic and ports occur in the logs. And set up some filter rules to drop those (broadcasts, viruses etc.).
5. If kernel log file sizes are big and the nightly fwlogwatch never finishes, you may want to consider deleting them after you have downloaded and analyzed them.

Search for other forum threads (there are a few) for more pointers...
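Step 4 of the post above, as an added example that is not part of the original thread: a Python sketch that parses "TCP Drop:" lines in the format quoted in post #1 and lists the sources whose dropped SYNs reach many distinct destinations on one port, which are the candidates for a drop rule. The function names, the `min_targets` threshold and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# KEY=value fields as they appear in the netfilter-style lines quoted in post #1.
FIELD = re.compile(r"\b([A-Z]+)=(\S+)")

def parse_drop(line):
    """Return the KEY=value fields of a 'TCP Drop:' line as a dict, or None."""
    if "TCP Drop:" not in line:
        return None
    fields = dict(FIELD.findall(line))
    # TCP flags are bare tokens without '=', so the SYN flag is tested separately.
    fields["SYN"] = " SYN " in line
    return fields if {"SRC", "DST", "DPT"} <= fields.keys() else None

def scanning_sources(lines, min_targets=3):
    """Group dropped SYNs by (source, destination port) and return the pairs
    that hit at least min_targets distinct destinations, busiest first."""
    targets = defaultdict(set)
    for line in lines:
        f = parse_drop(line)
        if f and f["SYN"]:
            targets[(f["SRC"], int(f["DPT"]))].add(f["DST"])
    hits = [(src, port, len(dsts)) for (src, port), dsts in targets.items()
            if len(dsts) >= min_targets]
    return sorted(hits, key=lambda h: -h[2])

# Constructed sample lines in the format of the log excerpt in post #1.
def _line(src, dst, dpt, flags="SYN"):
    return (f"2004-Feb 11 00:01:01 host kernel: TCP Drop: IN=eth3 OUT=eth2 "
            f"SRC={src} DST={dst} LEN=48 TOS=0x00 PREC=0x00 TTL=125 ID=1 DF "
            f"PROTO=TCP SPT=3372 DPT={dpt} WINDOW=16384 RES=0x00 {flags} URGP=0")

SAMPLE = [_line("10.193.19.3", f"10.193.129.{h}", 445) for h in (155, 252, 17, 90)]
SAMPLE += [_line("10.193.19.8", "10.193.129.10", 80),
           _line("10.193.19.8", "10.193.129.10", 80)]

if __name__ == "__main__":
    for src, port, n in scanning_sources(SAMPLE):
        print(f"{src} -> tcp/{port}: {n} distinct destinations dropped")
```

A single host retrying one blocked connection stays below the threshold; a host sweeping a subnet on one port does not.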
  #3 (permalink)  
Old 02-12-2004, 01:57 PM
Senior Member
 
Join Date: Oct 2003
Location: Germany
Posts: 371
Default Re: P4 CPU usage 100%

Which process causes the high CPU load? Please post ps aufx.
Cheers Bagira
  #4 (permalink)  
Old 02-12-2004, 02:02 PM
Member
 
Join Date: Apr 2003
Posts: 94
Default Re: P4 CPU usage 100%

Hi,
Port 445...
sounds like a Windows machine trying to connect to another machine...
The best will be to drop this packet.

HTH

Best Regards

Udo Seiler
  #5 (permalink)  
Old 02-13-2004, 01:13 AM
Member
 
Join Date: Nov 2003
Posts: 32
Default Re: P4 CPU usage 100%

Hi, AJo
First, thank you for your help.
Could you tell me how to log in on the firewall via console? I already tried it, but the Hyper Terminal can just show the CLI; I can't input any command.
  #6 (permalink)  
Old 02-13-2004, 09:17 AM
AJo
Senior Member
 
Join Date: Mar 2002
Location: sweden
Posts: 140
Default Re: P4 CPU usage 100%

My bad, meant from the console using a monitor and keyboard connected to the ASL box. Log in as root.

Or use SSH client software and log in remotely: log in as loginuser and then su to root (a simple program like PuTTY will do).
  #7 (permalink)  
Old 02-13-2004, 05:20 PM
Member
 
Join Date: Jul 2003
Posts: 55
Default Re: P4 CPU usage 100%

Isn't TCP:445 used by some worm called Iraq Oil Worm?
  #8 (permalink)  
Old 02-14-2004, 01:09 AM
Senior Member
 
Join Date: Oct 2003
Location: UK
Posts: 260
Default Re: P4 CPU usage 100%

TCP port 445 is used by lots of worms and viruses.

It's a new port for Windows file sharing introduced in Windows 2000/XP.

All times are GMT.