Hi Benny/et al,
On 2015-09-24 Thu 14:42 PM |, Benny Lofgren wrote:
> On 2015-09-24 11:37, Pantelis Roditis wrote:
> > On 09/24/2015 11:39 AM, Peter Hessler wrote:
> >> On 2015 Sep 23 (Wed) at 18:14:51 +0100 (+0100), Craig Skinner wrote:
> >> :Hello,
> >> :
>
On 2015 Sep 24 (Thu) at 12:37:03 +0300 (+0300), Pantelis Roditis wrote:
:On 09/24/2015 11:39 AM, Peter Hessler wrote:
:>On 2015 Sep 23 (Wed) at 18:14:51 +0100 (+0100), Craig Skinner wrote:
:>:Hello,
:>:
:>:Zombies are often attacking ports which don't have services running,
:>:such
On 09/24/2015 11:39 AM, Peter Hessler wrote:
On 2015 Sep 23 (Wed) at 18:14:51 +0100 (+0100), Craig Skinner wrote:
:Hello,
:
:Zombies are often attacking ports which don't have services running,
:such as telnet (most popular indeed), mysql, 3551, 8080, 13272, etc.
Hi,
This is the exact
On 09/24/2015 12:48 PM, Peter Hessler wrote:
On 2015 Sep 24 (Thu) at 12:37:03 +0300 (+0300), Pantelis Roditis wrote:
:On 09/24/2015 11:39 AM, Peter Hessler wrote:
:>On 2015 Sep 23 (Wed) at 18:14:51 +0100 (+0100), Craig Skinner wrote:
:>:Hello,
:>:
:>:Zombies are often attacking ports
On 2015 Sep 23 (Wed) at 18:14:51 +0100 (+0100), Craig Skinner wrote:
:Hello,
:
:Zombies are often attacking ports which don't have services running,
:such as telnet (most popular indeed), mysql, 3551, 8080, 13272, etc.
:
:With a default pf block drop in on $ext_if, how can those source ips
Am Donnerstag, den 24.09.2015, 10:39 +0200 schrieb Peter Hessler:
> On 2015 Sep 23 (Wed) at 18:14:51 +0100 (+0100), Craig Skinner wrote:
> :Zombies are often attacking ports which don't have services running,
> :such as telnet (most popular indeed), mysql, 3551, 8080, 132
On 2015-09-24 11:37, Pantelis Roditis wrote:
> On 09/24/2015 11:39 AM, Peter Hessler wrote:
>> On 2015 Sep 23 (Wed) at 18:14:51 +0100 (+0100), Craig Skinner wrote:
>> :Hello,
>> :
>> :Zombies are often attacking ports which don't have services running,
>> :su
On Thu, Sep 24, 2015 at 02:42:47PM +0200, Benny Lofgren wrote:
> On 2015-09-24 11:37, Pantelis Roditis wrote:
> > On 09/24/2015 11:39 AM, Peter Hessler wrote:
> >> On 2015 Sep 23 (Wed) at 18:14:51 +0100 (+0100), Craig Skinner wrote:
> >> :Hello,
> >> :
>
Thanks for all the helpful replies.
On 2015-09-23 Wed 18:14 PM |, Craig Skinner wrote:
>
> Zombies are often attacking ports which don't have services running,
> such as telnet (most popular indeed), mysql, 3551, 8080, 13272, etc.
>
This was logged from Friday - Monday (
Hi Ted,
On 2015-09-23 Wed 13:51 PM |, Ted Unangst wrote:
> >
> > Zombies are often attacking ports which don't have services running,
> > such as telnet (most popular indeed), mysql, 3551, 8080, 13272, etc.
> >
>
> block log those ports, then process the
Hi Pantelis,
On 2015-09-24 Thu 12:37 PM |, Pantelis Roditis wrote:
>
> This is the exact reason why we created bofh-divert[1]. The idea is that you
> pass those packets with PF to a divert socket opened by a daemon. The daemon
> grabs the source IP and adds it to a predefined table.
>
Wow,
tag honeypot
> pass in log tagged honeypot rdr-to 127.0.0.1 port echo keep state \
> (max-src-conn-rate 1/30, overload flush global)
>
Ahhh! Cunning plan Benny.
I shall play...
>
> PS. Who named unlistened-to ports "zombies" anyway?
http://en.wikipedia.org/wiki/Zo
Hello,
Zombies are often attacking ports which don't have services running,
such as telnet (most popular indeed), mysql, 3551, 8080, 13272, etc.
With a default pf block drop in on $ext_if, how can those source ips be
added to a table? Which all can be dropped & small queued.
I've t
Craig Skinner wrote:
> Hello,
>
> Zombies are often attacking ports which don't have services running,
> such as telnet (most popular indeed), mysql, 3551, 8080, 13272, etc.
>
> With a default pf block drop in on $ext_if, how can those source ips be
> added to a
How are zombies best dealt with, correctively?
My OBSD 4.2 x86 machine is showing memory and CPU utilization are a
negligable fraction of the total capacity. Yet, it is getting maxed out
in regards to number of processes, apparently due to the zombies.
kill -KILL seems to have no effect.
Some
Thanks.
Paul de Weerd wrote:
...
Zombies are part of unix, you *need* them in cases. Leaving them
dangling (for too long) is not good of course, clean-up is required.
That's what's happening. I see that one work-around would be to have
cron periodically send a kill signal to the parent
On Wed, Mar 12, 2008 at 2:18 AM, Lars Noodin [EMAIL PROTECTED]
wrote:
Or what are the major reasons 4.3 is going to still use 1.3x?
Licensing.
On Wed, Mar 12, 2008 at 10:36:23AM +0200, Lars Nood??n wrote:
How are zombies best dealt with, correctively?
My OBSD 4.2 x86 machine is showing memory and CPU utilization are a
negligable fraction of the total capacity. Yet, it is getting maxed out
in regards to number of processes
Looking ahead, what is the timeline for moving to Apache2?
Likely never, unless they decide to change their license.
Or what are the major reasons 4.3 is going to still use 1.3x?
apache2 is not free enough.
How are zombies best dealt with, correctively?
Sorry to answer my own question. The solution was to find the parent
process and kill it.
But the second question still stands, is there a generic way to prevent
the formation of zombies? The cause in this specific case is a
perl-based CGI script
On Wed, Mar 12, 2008 at 10:36:23AM +0200, Lars Nood??n wrote:
| How are zombies best dealt with, correctively?
By fixing the bugs in the parent.
| My OBSD 4.2 x86 machine is showing memory and CPU utilization are a
| negligable fraction of the total capacity. Yet, it is getting maxed out
On 12 March 2008, Lars NoodC)n [EMAIL PROTECTED] wrote:
[...]
And, is there a generic way to prevent them? The cause is a perl CGI
called by apache2
Depending on what you're doing, make the parent wait(2) for the
processes or setsid(3).
Regards,
Liviu Daia
--
Dr. Liviu Daia
* Theo de Raadt [EMAIL PROTECTED] [2008-03-12 10:36]:
Looking ahead, what is the timeline for moving to Apache2?
Likely never, unless they decide to change their license.
even then... I don't see any advatages in apache2, but lots of
disadvantages and a gigantic design fault. No, not one,
Hi!
On Wed, Mar 12, 2008 at 12:05:29PM +0200, Liviu Daia wrote:
On 12 March 2008, Lars NoodC)n [EMAIL PROTECTED] wrote:
[...]
And, is there a generic way to prevent them? The cause is a perl CGI
called by apache2
Depending on what you're doing, make the parent wait(2) for the
processes or
On 12 March 2008, Hannah Schroeter [EMAIL PROTECTED] wrote:
Hi!
On Wed, Mar 12, 2008 at 12:05:29PM +0200, Liviu Daia wrote:
On 12 March 2008, Lars NoodC)n [EMAIL PROTECTED] wrote:
[...]
And, is there a generic way to prevent them? The cause is a perl
CGI called by apache2
Depending
On 3/12/08, Lars NoodC)n [EMAIL PROTECTED] wrote:
Looking ahead, what is the timeline for moving to Apache2?
Or what are the major reasons 4.3 is going to still use 1.3x?
Take a look at http://nginx.net/ BSD license, seems to work, but I
don't know about its security profile. I'm sure it's
that forks but doesn't wait for its kid.
I generally *don't* see zombies in well-written Perl programs.
Was this FastCGI by any chance? I know there's unique problems related to
that for naive code that creates a child, because the parent never goes away
(since it's shared by the next series of CGI
On Wed, Mar 12, 2008 at 08:39:07AM -0500, Gregg Reynolds wrote:
On 3/12/08, Lars NoodC)n [EMAIL PROTECTED] wrote:
Looking ahead, what is the timeline for moving to Apache2?
Or what are the major reasons 4.3 is going to still use 1.3x?
Take a look at http://nginx.net/ BSD license, seems
it in top or ps. Other
designs use non-blocking forms and zombies may stick around long enough
to notice, but then disappear later when the parent makes a pass. If the
parent dies before calling wait, then the zombie is inherited by init
which will take care of it.
So, zombies happen, but the only
Theo de Raadt wrote:
apache2 is not free enough.
Ok. There were some additional reasons mentioned, but licensing is
enough on its own. I found the old announcement now that I know what to
look for:
http://archives.neohapsis.com/archives/openbsd/2004-06/0448.html
Apache 1.3.29 is decent
Randal L. Schwartz wrote:
Most likely a bug in a Perl script that forks but doesn't wait for its kid.
I generally *don't* see zombies in well-written Perl programs.
;)
Was this FastCGI by any chance?
No. I think it's the perl script, but now that gets added to my list of
things to do
Ok. There were some additional reasons mentioned, but licensing is
enough on its own. I found the old announcement now that I know what to
look for:
http://archives.neohapsis.com/archives/openbsd/2004-06/0448.html
Apache 1.3.29 is decent enough and has the functionality, name brand
If you want to serve http content via IPv6, then perhaps you can run
httpd on your (IPv4) loopback interface, and have relayd listen on
your public IPv6 interface, and forward requests over IPv4 to it ?
/Pete
On 12 Mar 2008, at 4:22 PM, Lars Noodin wrote:
Theo de Raadt wrote:
apache2 is not
Op Wed, 12 Mar 2008 17:05:01 +0100 schreef Pete Vickers
[EMAIL PROTECTED]:
If you want to serve http content via IPv6, then perhaps you can run
httpd on your (IPv4) loopback interface, and have relayd listen on
your public IPv6 interface, and forward requests over IPv4 to it ?
And then what
Lars NoodC)n wrote:
Would something like this be appropriate at the tail end of the httpd
man page for v 1.3.29?
Due to licensing changes, the version of Apache shipped with
OpenBSD will stay at version 1.3.29. Bugfixes will be provided,
but no further updates.
On Wed, Mar 12, 2008 at 11:58 AM, Theo de Raadt [EMAIL PROTECTED]
wrote:
A fork does not seem like a good return on investment, so v 1.3.29 will
probably go away sooner than later once the Apache Foundation drops
maintenance on the 1.3 series.
I'm just curious what is in 2.x that you
On 2008-03-12, Pete Vickers [EMAIL PROTECTED] wrote:
If you want to serve http content via IPv6, then perhaps you can run
httpd on your (IPv4) loopback interface, and have relayd listen on
your public IPv6 interface, and forward requests over IPv4 to it ?
Here's a better way: test the diffs at
bofh wrote:
On Wed, Mar 12, 2008 at 11:58 AM, Theo de Raadt [EMAIL PROTECTED]
wrote:
A fork does not seem like a good return on investment, so v 1.3.29 will
probably go away sooner than later once the Apache Foundation drops
maintenance on the 1.3 series.
I'm just curious what is in 2.x that
Quoting Jonathan Weiss [EMAIL PROTECTED]:
bofh wrote:
On Wed, Mar 12, 2008 at 11:58 AM, Theo de Raadt [EMAIL PROTECTED]
wrote:
A fork does not seem like a good return on investment, so v 1.3.29 will
probably go away sooner than later once the Apache Foundation drops
maintenance on the 1.3
Markus Lude wrote:
mbalmer@ posted a diff for IPv6 support for the base apache back last
december: see http://mini.vnode.ch/
Excellent. What, in general, are the plans? (Any answer is fine.)
Knowing more reduces the unnecessary questions, experiments and
speculations that get in the way.
My
On Wed, Mar 12, 2008 at 12:19:18PM -0400, bofh wrote:
| A fork does not seem like a good return on investment, so v 1.3.29 will
| probably go away sooner than later once the Apache Foundation drops
| maintenance on the 1.3 series.
|
|
| I'm just curious what is in 2.x that you need, that
Lars wrote:
But the second question still stands, is there a generic way to prevent
the formation of zombies? The cause in this specific case is a
perl-based CGI script called by apache2.
The easiest way might be to let perl auto-reap the children for you.
It's as simple as prepending
42 matches
Mail list logo