FS#62134 - tracker DDOS against NFS Server
Attached to Project:
Arch Linux
Opened by Jürgen Sauer (jojoax) - Monday, 25 March 2019, 07:52 GMT
Last edited by Andreas Radke (AndyRTR) - Tuesday, 15 October 2019, 16:32 GMT
Details
Description:
Additional info:
* tracker 2.2.1-1 (gnome)
* standard, default configuration

Steps to reproduce:
- have GNOME desktop installed, but not used, i.e. use Xfce or KDE desktop as standard, active
- have /home (and other directories, e.g. /srv/projects or other) mounted via NFS from a central server
- have plenty of client workstations on the local net (LAN) which are using NFS
- log into your desktop
- monitor server load on your NFS server
- wait for employees to log in, see your server is DDOSed
Closed by Andreas Radke (AndyRTR)
Tuesday, 15 October 2019, 16:32 GMT
Reason for closing: No response
Additional comments about closing: help offered to discuss this at our forums - no response.
What happens exactly? High CPU on the server? NFS process crashes? Have you got any logs?
If plenty of NFS clients are scanning every reachable NFS share from an NFS server at maximum speed, the server can't stand this.
This is a DDOS!
Distributed - almost all of the company's NFS clients are involved and pulling the servers to the ground
Denial of Service - Result: server is broken, not responding any more.
it is a DDOS - q.e.d.
No indexer or content screener (neither tracker nor baloo or whatever) may be allowed to index NFS- and CIFS-mounted servers by default.
The user in a small, self-administrated network may be allowed to enable it after a warning, but never, never enable this by default.
What happened exactly:
Sunday to Monday night: the "pacman -Syu" updated every client. About 25 clients in local LAN.
Monday Morning:
08:00h employees entered the company and switched on their workstations
08:05h server overload, all resources gone, load >120, I/O load over all limits, RAM out, oom_reaper is working
08:06h clients showing "nfs-server not responding"
08:07h all clients are showing "tracker" running, whether GNOME is used or not; KDE and XFCE4 are also common here
Killing all tracker processes, removing tracker from all clients and rebooting the server fixed the problem.
Was a big waste of company resources, 25 employees each 3 hours lost.
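
As an added example (not part of this bug report and not code from tracker or Arch Linux), the following sketch shows one way to check which candidate index directories sit on NFS or CIFS mounts, so they can be excluded before an indexer is enabled. The function names, the `NETWORK_FS` set and the sample mount table are assumptions made for illustration; on a real client the text would be read from `/proc/mounts`.

```python
import os

# Filesystem types treated as network-backed (assumption for this example).
NETWORK_FS = {"nfs", "nfs4", "cifs", "smb3"}

# Constructed sample in /proc/mounts format: device, mount point, type, options, dump, pass.
SAMPLE_MOUNTS = """\
/dev/sda2 / ext4 rw,relatime 0 0
fileserver:/export/home /home nfs4 rw,relatime,vers=4.2 0 0
fileserver:/export/projects /srv/projects nfs rw,relatime,vers=3 0 0
//fileserver/share /mnt/my\\040share cifs rw,relatime 0 0
tmpfs /home/alice/.cache tmpfs rw,nosuid 0 0
"""

def parse_mounts(text):
    """Return [(mount_point, fs_type)] from /proc/mounts-style text."""
    mounts = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3:
            continue
        # The kernel writes space, tab, newline and backslash as octal escapes.
        mount_point = fields[1]
        for esc, ch in (("\\040", " "), ("\\011", "\t"), ("\\012", "\n"), ("\\134", "\\")):
            mount_point = mount_point.replace(esc, ch)
        mounts.append((mount_point, fields[2]))
    return mounts

def fs_type_for(path, mounts):
    """Type of the mount containing path: longest mount point wins, later entries win ties."""
    path = os.path.normpath(path)
    best = ("", None)
    for mount_point, fs_type in mounts:
        mp = mount_point.rstrip("/") or "/"
        inside = mp == "/" or path == mp or path.startswith(mp + "/")
        if inside and len(mp) >= len(best[0]):
            best = (mp, fs_type)
    return best[1]

def network_backed(paths, mounts):
    """Subset of paths that live on NFS/CIFS and should be left out of indexing."""
    return [p for p in paths if fs_type_for(p, mounts) in NETWORK_FS]

if __name__ == "__main__":
    roots = ["/home/alice", "/home/alice/.cache/x", "/srv/projects/app", "/var/tmp"]
    print(network_backed(roots, parse_mounts(SAMPLE_MOUNTS)))
```

A local filesystem mounted below a network mount (the tmpfs cache directory in the sample) is correctly treated as local, because the most specific mount point decides.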