Re: Is this an attack?

To: debian-isp@lists.debian.org
Subject: Re: Is this an attack?
From: "Jesús M. Navarro" <jesus.navarro@undominio.net>
Date: Tue, 7 Dec 2010 16:35:43 +0100
Message-id: <201012071635.44069.jesus.navarro@undominio.net>
In-reply-to: <000f01cb960c$00206c90$006145b0$@rodolfo@lunarconsultoria.com.br>
References: <000f01cb960c$00206c90$006145b0$@rodolfo@lunarconsultoria.com.br>

Hi, Rodolfo:

On Tuesday 07 December 2010 13:40:54 Rodolfo Barbosa wrote:
> Hi,
>
> One of my servers, that's still running the old Debian Etch,
> is been the responsible for de crash of my entire internet
> access.

What do you mean, your "entire internet access"?  Is it consuming bandwith? is 
it managing to alter some other systems?

> Every time that my internet access gets down, I see an weird
> process called 'std' or 'S' always running by www-data user
> that consumes all the machine process and network resources.

So it's probably someone found a bug on some app you are offering through your 
web server which is serving data on your back.  It might pose further dangers 
like gaining root privileges through known bugs in Etch's kernel.

> Is this any know attack?

Yes.  It is plently known that you *never* *ever* should abandon an 
Internet-facing server on an EOL-ed operative system or app.

> I need to get good arguments to 
> convince the users of this server to allow me to get it
> upgraded.

You don't need any argument to upgrade a system prior to become EOL-ed: you 
stablish it as your working policy and act accordingly.

Cheers.

Reply to:

References:
- Is this an attack?
  - From: "Rodolfo Barbosa" <barbosa.rodolfo@lunarconsultoria.com.br>

Prev by Date: Re: Is this an attack?
Next by Date: Re: Is this an attack?
Previous by thread: Re: Is this an attack?
Next by thread: Re: Is this an attack?
Index(es):
- Date
- Thread