Traffic does not go trough PF server
-
Hi
I have been having issues with DDoS attacking for a long time know and i am once again trying to get to the bottom of it.
Today when the servers went down i immediately logged in to my PFsense box, and to my suprise that was no hassel, it didnt time out or anything which is quite usual. And when i started TOP i saw that the box has absolutly no load. which also came to me as a surprise.
I started to check a little around and i started tcpdump to se if there was any traffic comming in and it was plenty (http://kradalby.no/tcpdump.txt)But when i checked a little longer i found out that i could not reach any of the servers behind the pfsense box, everything on the LAN interface was dead so i restarted the pfsensebox and everything went back to normal.
I have searched trough the log files and it does not seem anything went wrong.
I also looked at the RRD graphs and it shows strange behaviour:
http://dl.dropbox.com/u/391249/Screenshots/o.png
http://dl.dropbox.com/u/391249/Screenshots/p.png
http://dl.dropbox.com/u/391249/Screenshots/q.png
http://dl.dropbox.com/u/391249/Screenshots/r.pngSo what i got out of this was that it was a lot of traffic, then nothing went trough the server while there was a lot of traffic and no load.
Anyone have any ideas?
Thanks in advance
Kristoffer
-
What kind of NIC do you have in the pfSense machine?
-
I have two Intel 82574L on a Intel D2500CC board
-
There is an Intel bug going on right now for that Intel Model. It is called the "Packets of Death". Might want to google search the details to see how you are affected or IF you are even affected.
-
I'd be very surprised if Intel got the eeprom wrong on their own board though. ;)
If it was this you would see something in the logs showing that the NIC had crashed out in some way.Steve
-
I guess steve is right.
It does not hurt to test so i will try that. But many of my problems does not fit, ithink, since it seems that it was the lan interface that in that case went down.
ill be back
