Recently we have seen some issues with apache2 and PHP memory usage in Debian Lenny (stable) vservers growing higher than expected. Restarting apache2 (something that is probably a good idea once a day anyway just to clear the APC cache) was one option. But we wanted a mechanism that would allow us to monitor the usage of resources inside the vserver context and allow a Nagios alert to be generated if usage was greater than, say, 85% of RSS (resident memory usage) or if the number of processes was above a certain limit.
Content guard / filtering devices like Surf Control, Websense, and now the Barracuda filter are often placed inline with the network, between the firewall and the local LAN. In this mode they act like a transparent (but intelligent) bridge or switch. They can block packets such as ICMP echo requests (pings), TCP/HTTP GETs, and SMTP connections if they find that the destination IPv4 address matches an entry in the block or drop list that the devices download from their parent database.
Multiple Cisco ASA firewalls, all running the same code, have been exhibiting a loss of connectivity to the outside world. Hardware: ASA5505, 256 MB RAM, CPU Geode 500 MHz. Software: asa724-k8.bin.
The devices would randomly enter a state where the external NIC is unable to process packets. Console port access would work if out-of-band access is present; I could log in and run commands. All show commands work. Sometimes the device will come back w/o a reboot; sometimes a reboot is needed to restore proper functionality.
We have a generic procedure for cloning an OpenBSD firewall that allows us to easily upgrade or replace hardware. Simply swapping the disk or RAID array the OS is on is not always practical or possible (SATA to SCSI or single disk to HW RAID, for example). As long as each system is loaded with the same base OS (4.4 currently), making a copy of /etc/, /var/ and /root/ (as well as /home/ if shell accounts exist) and transferring that copy into place on the new system is all that needs to be done. Of course, making sure the relevant patches are installed is also important.
We have been running our new spam filter firewall protection system for about a year now with good success so far. It sits in front of our MailFoundry spam filter appliance and tarpits blacklisted IPs, keeping those IPs from hitting our MailFoundry and wasting SMTP resources. It has a built-in whitelist as well as an auto-learn blacklist mechanism based on parsing of the MailFoundry logs. If you have a MailFoundry appliance or similar device struggling to keep up with its workload (such as running out of SMTP connections), then our solution may be just the ticket to cleaner, faster mail.
As of 9PM EST Wed March 11th, Richweb has blocked all email incoming from 22.214.171.124/24, which is the godaddy.com / secureserver.net mail server range. Richweb was flooded with over 100,000 emails in a very short period of time due to misbehaving applications on that network. Calls to the godaddy support line went unanswered, and we were not able to leave a message.