tags:

views:

184

answers:

3
+2  Q: 

ASP.Net web site gets burst of requests that crashes IIS worker process

I'm running a fairly high volume asp.net web site across a two serve cluster. Typical load is around 20 requests/second per server as logged by the ASP.Net Apps performance object.

At periodic times during the day the performance counter logs anywhere from 2,000 to 9,000 requests/second. The worker process dies at this time and reports a ".Net Runtime 2.0 Error Reporting" application log with "Faulting application w3wp.exe" listed.

What is strange is that IIS doesn't log any burst of requests at this time. The web logs record a normal pace of traffic up until this point, and show no burst of thousands of requests.

The server is running IIS6 on Windows 2003 64 bit Server. It is a quad core xeon with 6GB of RAM.

Only ONE of the two servers in the load balanced cluster record this volume of requests. The other server never shows more than the 20 or so average requests/second.

Any ideas as to why the performance log would show such a high volume of requests that aren't logged anywhere? I am not able to determine what is causing this load, and am wondering if it is an application error of some kind or if it is truly a burst of traffic.

Any suggestions for how to track down the culprit?

Thanks, David

A: 

Honestly, it sounds like a potential DoS attack. Can you enable a log on your router/switch to see the raw ethernet frames coming through? Let me know. Thanks.

-Shaun

SCMcDonnell  2009-09-02 16:51:49
+2  A: 

Get a crashdump of your asp process using Debugging Tools (Windbg & Co).

Check out http://blogs.msdn.com/tess.

Alex  2009-09-02 18:57:29
Also check http://support.microsoft.com/kb/919789/
Lex Li  2009-09-04 07:46:26
A: 

After using WinDbg to view a crash dump, it turned out this was caused by a recursive Server.Transfer producing a stack overflow.

Apparently the performance log that shows the the Requests/Sec for ASP.Net Apps v2.0.50727 records a server transfer as a new request. But since it is not doing a client redirect it never shows up in the IIS logs like a DOS attack probably would.

The fact that the log showed high requests/sec made me think it was not an application error.

Thanks for all your suggestions.

David Western  2009-09-29 23:15:55

related questions

Subsonic Vs NHibernate
How to check For File Lock in C# ?
Is nAnt still supported and suitable for .net 3.5/VS2008?
Limit size of Queue<T> in .NET?
Viewstate invalid when using Safari
Free OCR library
Unhandled Exception Handler in .NET 1.1
Localising date format descriptors
Get a new object instance from a Type in C#
VFP .NET OLEdb provider does not work in Win 64-Bits. Help
.NET Testing Framework Advice
Embedded Database for .net that can run off a network
Automatically update version number
Homegrown consumption of web services
How do you migrate a large app from VB6 to VB .net ?
.NET Migrations Engine
Adding Scripting functionality to .NET applications
SQLite and XSD
Floating Point Number parsing: Is there a Catch All algorithm?
How do I programmatically create a PDF in my .NET application?
How do I sync the SVN revision number with my ASP.NET web site?
XSD DataSets and ignoring foreign keys
Anatomy of a "Memory Leak"
Reliable Timer in a Console Application
How do I calculate relative time?