
Re: Re: klecker mirror checker



 >>>> We were recently forced to password protect
 >>>> rsync://ftp.cl.debian.org/debian after two exploits to the pool/ that
 >>>> infuriated our sponsor.
 >>> Erh, you had exploits to the pool? Of what kind?
 >> of the most simple kind; an unknown IP downloading the entire pool,
 >> clogging a switch managed by the computing department. This happened
 >> twice within the last 30 days, different IPs, no reverse lookup. I'm
 >> myself not convinced it was a malicious attempt, but the mentioned
 >> switch, which serves many other servers, got swamped by the intense
 >> traffic. The computing department (over)reacted strongly. We responded
 >> by password protecting the rsync port since there were talks about
 >> shaping the traffic to the server, which would be unfortunate.

 > So not an exploit but simply a user using an offered service.
 > Which then, unfortunately, showed that the infrastructure around that
 > server can't deal with that.

 > Saying exploit just rings a number of alarm bells for people reading
 > this list... :)

I have conveyed what the department of computing said about the traffic
in two days in the past month. This is the second time they accuse
ftp.cl.d.o of being hacked (I didn't report the first one). The logs of
the server say there is nothing special about those days, just "a user
using an offered service". I'm still waiting for the computing
department to give an explanation. Their reaction is harsh against
ftp.cl.d.o, when in reality it's their fault. That's at least my
opinion. They scream up high and make false accusations; when proven wrong,
complete silence. But the accusation still resonates everywhere. I've
been yearning to find another sponsor for ftp.cl.d.o.

Ricardo
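For readers who run a mirror and want to do what the thread describes (keep serving rsync, but require a module password and cap how hard one anonymous client can hit the pool), here is an illustrative rsyncd.conf. It is an added example, not the configuration of ftp.cl.debian.org or any Debian project file; the module name, paths, user name and address ranges are assumed.

```ini
# Illustrative rsyncd.conf for a Debian-style mirror (added example;
# module name, paths, user name and networks below are assumed).

# Every connection and transfer is logged with a timestamp and the client
# address, so "which IP, on which day" can be answered from the mirror's
# own logs rather than from a complaint about switch load.
log file = /var/log/rsyncd.log
transfer logging = yes
pid file = /var/run/rsyncd.pid

[debian]
    path = /srv/mirror/debian
    comment = Debian archive (assumed path)
    read only = yes
    list = yes

    # Cap concurrent clients on this module. The (n+1)th client is
    # refused with "max connections reached" instead of adding traffic.
    # Note this limits concurrency, not bandwidth; shaping is done
    # elsewhere (e.g. with tc), which the thread wanted to avoid.
    max connections = 8
    lock file = /var/lock/rsyncd-debian.lock

    # Require a module password: the "password protecting the rsync
    # port" step from the thread. Only listed users may sync the module.
    auth users = mirror-peer
    secrets file = /etc/rsyncd.secrets

    # Optionally also restrict the module to known downstream mirrors.
    hosts allow = 192.0.2.0/24 2001:db8::/32
    hosts deny = *
```

The secrets file holds one `user:password` line per allowed user and must be owned by the daemon user and not readable by others (mode 0600); rsync refuses to use it otherwise unless `strict modes = no` is set. Downstream mirrors then sync with `rsync mirror-peer@host::debian`, and anonymous clients get an authentication failure that shows up in the log file above.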
