Phone Lines icon GFI Support Home

Articles in this section

See more

DDoS Attempts Causing Collectord to Crash the Exinda

Author: Luis Fernandes Updated

Overview

Collectord crashes from a huge RAM (Random Access Memory) spike.

 

Root Cause

  • Collectord is using a significant amount of RAM due to DDoS attempts on Exinda, resulting in a crash from the huge RAM spike.
  • Due to multiple new connections ran per second, the RAM is spiking up in utilization so fast that the appliance is rebooting.
  • The Exinda appliance tries to record statistics about connections passing through the device. Even if there are ultimately ignored, aborted, or refused, a certain amount of RAM is allocated to track the connections. If there are millions of short-lived connections, the appliance still tries to record stats for them.

 

Resolution

  • ExOS 7.4.2 contains a feature that prevents the collection of statistics for ignored connections. Since the majority of DDoS traffic is ignored, this should greatly help reduce the amount of RAM that consumes during such attacks.
  • In ExOS 7.4.3 and later, the feature is not enabled by default, but can be enabled using the following CLI commands:
en
conf t
ddos tcp ignore

If the issue still persists after upgrading/installing to ExOS 7.4.2 and later, contact Exinda Support.

 

Related articles