Something strange

Pavlos Parisshs p_pavlos at otenet.gr
Wed Feb 13 01:01:01 EET 2002


Hello all,
WARNING: a long mail follows, sorry guys.

Something very strange happened to me on a server and I would like to share the
information with you to see whether I can find out what caused the problem.
We have a server running redhat 7.0, kernel 2.2.19.
The services running are samba, squid, dns, qmail, fetchmail, telnet (only from the local net),
and since it is a gateway a firewall with ipchains runs on it as well.
Before you start shouting about the fact that all of this runs on a gateway, let me say
that there is no other way; soon it will become a DMZ.
I should mention that I have 10 clients and an Access database runs on the server, via samba.
On the 11th of the month a crash of the Access database application was observed on the clients, and
samba was not responding.

At that time, to be exact 2-3 minutes later, this first appeared in /var/log/messages
Feb 11 10:54:47 server kernel: VFS: file-max limit 4096 reached
Feb 11 10:56:43 server kernel: Unable to load interpreter /lib/ld-linux.so.2
Any attempt to log in to the server failed without reporting anything; it simply refreshed
the login. This can also be seen here, again in messages
eb 11 11:00:32 server PAM_unix[1464]: (system-auth) session opened for user root by (uid=0)
Feb 11 11:00:32 server  -- root[1464]: ROOT LOGIN ON tty1
Feb 11 11:00:32 server kernel: Unable to load interpreter /lib/ld-linux.so.2
Feb 11 11:00:32 server PAM_unix[1464]: (system-auth) session closed for user root
Feb 11 11:00:39 server PAM_unix[1474]: (system-auth) session opened for user root by LOGIN(uid=0)
Feb 11 11:00:39 server  -- root[1474]: ROOT LOGIN ON tty1
Feb 11 11:00:39 server kernel: Unable to load interpreter /lib/ld-linux.so.2
Feb 11 11:00:39 server PAM_unix[1474]: (system-auth) session closed for user root

An attempt with telnet from a win client gave nothing either.
In /var/log/secure I was getting
 Feb 11 10:56:43 server xinetd[390]: START: telnet pid=1459 from=192.168.0.14
Feb 11 10:59:40 server login: PAM unable to dlopen(/lib/security/pam_console.so)
Feb 11 10:59:40 server login: PAM [dlerror: libglib-1.2.so.0: cannot open shared object file: Too
many open files in system]

In fact the last 2 lines kept repeating until 10:59:46.
At 11:00:00 the boss did ctrl-alt-del, for fear that something would happen to the database.
Because our minds went straight to hacking.
After the reset the really crazy stuff started!

For some reason the keyboard went crazy and was pressing keys by itself, and it even entered the bios
without anyone pressing anything. Even crazier, the screen was changing colours like mad!!!!!!!
NO NO NO I am not joking!!!
Inside the bios the crazy keyboard behaviour stopped and I did a reset.
The server boots and as soon as the boot finished I was getting lots of random characters
on the screen. As well as these
Feb 11 11:03:27 server kernel: keyboard: unrecognized scancode (71) - ignored
Feb 11 11:03:27 server kernel: keyboard: unknown scancode e0 30
Feb 11 11:03:28 server kernel: keyboard: unknown scancode e0 30
Feb 11 11:03:28 server kernel: keyboard: unknown scancode e0 5e
Feb 11 11:03:28 server kernel: keyboard: unknown scancode e0 5f
Feb 11 11:03:28 server kernel: keyboard: unknown scancode e0 63
Feb 11 11:03:28 server kernel: keyboard: unknown scancode e0 5e
Feb 11 11:03:28 server kernel: keyboard: unknown scancode e0 5f
Feb 11 11:03:28 server kernel: keyboard: unknown scancode e0 63

as well as these

 11 11:03:32 server kernel:                          free                        sibling
Feb 11 11:03:32 server kernel:   task             PC    stack   pid father child younger older
Feb 11 11:03:32 server kernel: init       1 S C7FFBF1C  5512     1      0   605
Feb 11 11:03:32 server kernel:    sig: 0 0000000000000000 0000000000000000 : X
Feb 11 11:03:32 server kernel: kflushd    2 S C7FE7FB4  7060     2      1             3
Feb 11 11:03:32 server kernel:    sig: 0 0000000000000000 0000000000000000 : X
Feb 11 11:03:32 server kernel: kupdate    3 S C7FE5FC8  6652     3      1             4     2
Feb 11 11:03:32 server kernel:    sig: 0 0000000000000000 fffffffffffdffff : X
Feb 11 11:03:32 server kernel: kswapd     4 S C7FE3FD4  7096     4      1             5     3
Feb 11 11:03:32 server kernel:    sig: 0 0000000000000000 ffffffffffffffff : X
Feb 11 11:03:32 server kernel: keventd    5 S C023A89C  7064     5      1           296     4
Feb 11 11:03:32 server kernel:    sig: 0 0000000000000000 fffffffffffeffff : X
Feb 11 11:03:32 server kernel: syslogd   10 S 7FFFFFFF     0   296      1           306     5
Feb 11 11:03:32 server kernel:    sig: 0 0000000000000000 0000000000000000 : X
Feb 11 11:03:32 server kernel: klogd     13 R C7834000  3096   306      1           360   296
Feb 11 11:03:32 server kernel:    sig: 0 0000000000000000 0000000000000000 : X
Feb 11 11:03:32 server kernel: pppd      14 S C77FFF1C  5672   360      1           375   306
Feb 11 11:03:32 server kernel:    sig: 0 0000000000000000 0000000000000000 : X
Feb 11 11:03:32 server kernel: atd        9 S C7ABDF7C  5672   375      1           390   360
Feb 11 11:03:32 server kernel:    sig: 0 0000000000000000 0000000000000000 : X
Feb 11 11:03:32 server kernel: xinetd    1

Any login attempt of course went nowhere.
The keyboard did not respond and a hardware reset had to be done.

At first we thought we had fallen victim to hacking, because at the same time we were seeing many of these in messages
Feb 11 10:22:37 server named[410]: lame server on '246.140.119.209.in-addr.arpa' (in '140.119.209.in-addr.arpa'?): 64.245.43.14#53
Feb 11 10:22:37 server named[410]: lame server on '246.140.119.209.in-addr.arpa' (in '140.119.209.in-addr.arpa'?): 64.245.20.14#53
Feb 11 10:28:02 server named[410]: lame server on '8.168.118.131.in-addr.arpa' (in '168.118.131.in-addr.arpa'?): 131.118.191.11#53
Feb 11 10:28:03 server named[410]: lame server on '8.168.118.131.in-addr.arpa' (in '168.118.131.in-addr.arpa'?): 131.118.254.1#53

Feb 11 10:15:03 server kernel: Packet log: inet-in DENY ppp0 PROTO=6 213.239.166.12:2509 195.97.116.203:113 L=60 S=0x00 I=40947 F=0x4000 T=54 SYN (#4)
Feb 11 10:15:03 server kernel: Packet log: inet-in DENY ppp0 PROTO=6 213.239.166.12:2510 195.97.116.203:113 L=60 S=0x00 I=34165 F=0x4000 T=54 SYN (#4)

After a calm search, the lame servers we were seeing in DNS turned out to be within normal bounds.
The requests we had on port 113 are made by the mail server of a company where we have pop
accounts, which are downloaded with fetchmail.
According to them these requests are normal and have to do with the new version of the
software they run on linux, while it is only for unix, at least that is what they told us.

I should mention that the server has been running continuously for 10 months without a problem.
Many of the services have not been upgraded, wrongly, I know.

So far we believe we fell into the rare case where hardware and software crashes
happened at the same time.
The problem is how on earth the following came out
Feb 11 10:54:47 server kernel: VFS: file-max limit 4096 reached.
After this event I sat and watched how many files were open, with lsof, and they did not exceed
1600 during the whole day.
The system has file-max set to 4096.
Dumping the output of lsof to a file and with plenty of wc and grep I saw that dns has
close to 400 files open in total!
Then smbd comes second with ~300 and then squid follows.
Are these numbers reasonable?

The server worked today too without a problem, without us reducing the load.
Personally I cannot say with certainty what exactly happened.
Anyway I believe that someone/something caused the problem and this could be
either a bug in samba-2.2.0 or a DoS attack.

So whoever is not too lazy and has the appetite, I am waiting to hear ideas and tips on the subject.
Apologies again for the long mail.


OK, goodnight,
Pavlos



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
I love having the feeling of being in control
while i have the sensation of speed

The surfer of life
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
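The wc/grep counting over an lsof dump that the post describes, and a check of the kernel's file table against file-max, as an added example (not from the original post or from the list). The lsof sample below is constructed; the file-nr format assumed is the three-field "allocated free max" line of 2.2/2.4 kernels, which also works on later kernels where the middle field is always 0.

```shell
#!/bin/sh
# Added example: summarise open files per process from an lsof dump and
# measure file-table usage, so a cron job can warn before "file-max limit
# reached" makes even /lib/ld-linux.so.2 fail to load.

# Constructed sample of lsof's default output (header + a few rows).
SAMPLE_LSOF='COMMAND   PID USER   FD   TYPE DEVICE SIZE NODE NAME
named     410 named  cwd   DIR    3,2 4096    2 /
named     410 named    3u IPv4   1234         UDP *:domain
named     410 named    4u IPv4   1235         TCP *:domain
smbd      602 root   cwd   DIR    3,2 4096    2 /
smbd      602 root     5u IPv4   2222         TCP server:netbios-ssn
squid     512 squid  cwd   DIR    3,2 4096    2 /'

# Reads lsof output on stdin (COMMAND is column 1, header skipped) and prints
# "count command", largest first. On the real box: lsof | open_files_per_command
open_files_per_command() {
    awk 'NR > 1 { n[$1]++ } END { for (c in n) print n[c], c }' | sort -rn
}

# Percentage of the system-wide file table in use, given the contents of
# /proc/sys/fs/file-nr, e.g. file_table_usage_pct "$(cat /proc/sys/fs/file-nr)"
file_table_usage_pct() {
    echo "$1" | awk '{ printf "%d\n", ($1 - $2) * 100 / $3 }'
}

# Exit status 0 while usage is below the threshold percentage, 1 otherwise;
# suitable for a cron job that mails a warning before the limit is hit.
file_table_check() {
    pct=$(file_table_usage_pct "$1")
    [ "$pct" -lt "$2" ]
}

# Top consumer in the constructed sample (returns "3 named").
top_consumer() {
    printf '%s\n' "$SAMPLE_LSOF" | open_files_per_command | head -n 1
}
```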




More information about the Linux-greek-users mailing list