[vpsFree: outage-list] Re: Výpadek / Outage - node24.prg - 2022-11-16 16:53 CET

Očekávaná délka: 50 -> 100 minut Popis: DoS s vsftpd Dnešní požíže byly nejspíše způsobeny FTP servery vsftpd. vsftpd pro každé spojení vytváří nový network namespace a kernel nestíhal vytvářet a mazat tolik network namespaces, až se úplně zaseknul. V 18:40 byl druhý reset nodu. Dočasně jsme zablokovali TCP port 21, FTP na node24.prg tedy aktuálně nefunguje. Při hledání problému jsme také odebrali moduly pro ipip a GRE tunely. Nahlásil: Jakub Skokan ENGLISH: Duration: 50 -> 100 minutes Summary: DoS by vsftpd Today's troubles have been most likely caused by vsftpd abusing network namespaces. A new network namespace is created for each connection. Creating and destroying so many network namespaces caused the kernel to lock up. There has been a second reset at 18:40. To alleviate the issue, we have temporarily blocked TCP port 21, so FTP on node24.prg is not working. We have also disabled ipip and GRE tunnels to lighten the load. Reported by: Jakub Skokan -----BEGIN BASE64 ENCODED PARSEABLE JSON----- eyJpZCI6MjYwNSwiY2hhbmdlcyI6eyJkdXJhdGlvbiI6eyJmcm9tIjo1MCwi dG8iOjEwMH19LCJ0cmFuc2xhdGlvbnMiOnsiZW4iOnsic3VtbWFyeSI6IkRv UyBieSB2c2Z0cGQiLCJkZXNjcmlwdGlvbiI6IlRvZGF5J3MgdHJvdWJsZXMg aGF2ZSBiZWVuIG1vc3QgbGlrZWx5IGNhdXNlZCBieSB2c2Z0cGQgYWJ1c2lu ZyBuZXR3b3JrIG5hbWVzcGFjZXMuIEEgbmV3IG5ldHdvcmsgbmFtZXNwYWNl IGlzIGNyZWF0ZWQgZm9yIGVhY2ggY29ubmVjdGlvbi4gQ3JlYXRpbmcgYW5k IGRlc3Ryb3lpbmcgc28gbWFueSBuZXR3b3JrIG5hbWVzcGFjZXMgY2F1c2Vk IHRoZSBrZXJuZWwgdG8gbG9jayB1cC4gVGhlcmUgaGFzIGJlZW4gYSBzZWNv bmQgcmVzZXQgYXQgMTg6NDAuIFRvIGFsbGV2aWF0ZSB0aGUgaXNzdWUsIHdl IGhhdmUgdGVtcG9yYXJpbHkgYmxvY2tlZCBUQ1AgcG9ydCAyMSwgc28gRlRQ IG9uIG5vZGUyNC5wcmcgaXMgbm90IHdvcmtpbmcuIFdlIGhhdmUgYWxzbyBk aXNhYmxlZCBpcGlwIGFuZCBHUkUgdHVubmVscyB0byBsaWdodGVuIHRoZSBs b2FkLiJ9LCJjcyI6eyJzdW1tYXJ5IjoiRG9TIHMgdnNmdHBkIiwiZGVzY3Jp cHRpb24iOiJEbmXFoW7DrSBwb8W+w63FvmUgYnlseSBuZWpzcMOtxaFlIHpw xa9zb2JlbnkgRlRQIHNlcnZlcnkgdnNmdHBkLiB2c2Z0cGQgcHJvIGthxb5k w6kgc3BvamVuw60gdnl0dsOhxZnDrSBub3bDvSBuZXR3b3JrIG5hbWVzcGFj ZSBhIGtlcm5lbCBuZXN0w61oYWwgdnl0dsOhxZlldCBhIG1hemF0IHRvbGlr IG5ldHdvcmsgbmFtZXNwYWNlcywgYcW+IHNlIMO6cGxuxJsgemFzZWtudWwu IFYgMTg6NDAgYnlsIGRydWjDvSByZXNldCBub2R1LiBEb8SNYXNuxJsganNt ZSB6YWJsb2tvdmFsaSBUQ1AgcG9ydCAyMSwgRlRQIG5hIG5vZGUyNC5wcmcg dGVkeSBha3R1w6FsbsSbIG5lZnVuZ3VqZS4gUMWZaSBobGVkw6Fuw60gcHJv YmzDqW11IGpzbWUgdGFrw6kgb2RlYnJhbGkgbW9kdWx5IHBybyBpcGlwIGEg R1JFIHR1bmVseS4ifX19 -----END BASE64 ENCODED PARSEABLE JSON-----