
Re: klecker mirror checker

>>> We were recently forced to password protect
>>> rsync://ftp.cl.debian.org/debian after two exploits to the pool/ that
>>> infuriated our sponsor.
>> Erh, you had exploits to the pool? Of what kind?
> of the most simple kind; an unknown IP downloading the entire pool,
> clogging a switch managed by the computing department. This happened
> twice within the last 30 days, different IPs, no reverse lookup. I'm
> myself not convinced it was a malicious attempt, but the mentioned
> switch, which serves many other servers, got swamped by the intense
> traffic. The computing department (over)reacted strongly. We responded
> by password protecting the rsync port since there were talks about
> shaping the traffic to the server, which would be unfortunate.

So not an exploit but simply a user using an offered service.
Which then, unfortunately, showed that the infrastructure around that
server can't deal with that.

Saying exploit just rings a number of alarm bells for people reading
this list... :)

bye, Joerg
<vorlon> I wouldn't call it a registry, though.  How about "link farm"? :)
<aj> hard links, hard links
<vorlon> with a link link here and a link link there
<aj> here a link, there a link, everywhere a link link
