[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: klecker mirror checker

> On Wed, Jul 09, 2008 at 07:27:46PM -0400, Ricardo Yanez wrote:
>> We were recently forced to password protect
>> rsync://ftp.cl.debian.org/debian after two exploits to the pool/ that
>> infuriated our sponsor.
> Erh, you had exploits to the pool? Of what kind?

of the most simple kind; an unknown IP downloading the entire pool,
clogging  a switch managed by the computing department. This happened
twice within the last 30 days, different IPs, no reverse lookup. I'm
myself not convinced it was a malicious attempt, but the mentioned
switch, which serves many other servers, got swamped by the intense
traffic. The computing department (over)reacted strongly. We responded
by password protecting the rsync port since there were talks about
shaping the traffic to the server, which would be unfortunate.


Reply to: