On Sun, 14 Sep 2003, Chuck Silvers wrote:
> > A client is frequently getting the following on a 256MB single processor
> > Compaq server running NetBSD 1.6.1 with DHCP, tftp and ftp for various
> > clients (amongst other things).
> > 
> > panic: malloc: out of space in kmem_map
> > Stopped in pid 5639 (inetd) at cpu_Debugger+0x4:	leave
>
> yea, something's leaking kernel memory.  if you collect the output of
> "vmstat -m" periodically, that will give some clues as to where all the
> memory is going.  or if you can get a crashdump, that will have the info
> as well.

It turns out that this was due to the server being caught in the middle of
a flood-pinging virus attack. It was running NAT and to make matters
worse, echo requests were being silently blocked by an upstream firewall
at the ISP. I put an ipfilter block on all inbound ICMP on their internal
interface as a temporary fix. Without this, even just plugging in the
internal network cable killed the machine (named was reporting an
impressive 290% CPU usage!). I then tcpdumped the internal network and
reported the guilty IPs to the local technicians. It looks likes it's
happy now.

Still a bit worrying though that it's so open to a DoS attack (though I
think they may have got carried away increasing NMBCLUSTERS until I told 
them to leave it alone :-) ).

-- 
Stephen