
List:       webmin-l
Subject:    Re: [webmin-l] Server Logs Regarding Possible Attack
From:       Jamie Cameron <jcameron () webmin ! com>
Date:       2006-01-27 22:11:14
Message-ID: 200601272210.k0RMA8Z21489 () fudu ! webmin ! com

Is anything appearing in the miniserv.error log file? If not, that suggests the
attack was at a lower protocol level, such as partially opening a huge number of TCP
connections to use up the Webmin process's listen queue.

If so, this makes it more of a denial-of-service attack than a security breach. As
far as I know, there isn't much you can do apart from blocking the attacker at your
firewall, assuming you know their IP.

 - Jamie

-----Original Message-----

From:  MWS <webmin@romagnoli.us>
Subj:  [webmin-l] Server Logs Regarding Possible Attack
Date:  Fri 27 Jan 2006 3:12 pm
Size:  996 bytes
To:  webadmin-list@lists.sourceforge.net


I had a weird situation yesterday where my server seemed to be under attack, or maybe
just had a problem.

At first, the ports, 10000 and 20000, would not respond.  Then ssh and http both went
down.  Ftp stayed available.

My network center eventually cleared up the issues, but told me it was up to me to
figure out what went wrong.

Where do I look?

I looked at the logs under var/webmin/webmin.log, but don't see anything unusual.

Any suggestions?

Thanks,

-Mike


-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=103432&bid=230486&dat=121642
-
Forwarded by the Webmin mailing list at webadmin-list@lists.sourceforge.net
To remove yourself from this list, go to
http://lists.sourceforge.net/lists/listinfo/webadmin-list
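
Added example, not part of the original thread: the reply above points to partially opened TCP connections filling the listen queue, and to blocking the source at the firewall once its IP is known. The Python sketch below counts half-open connections to ports 10000 and 20000 per remote address from `netstat -ant` output; the sample output, the addresses, the function names and the threshold are constructed for illustration.

```python
from collections import Counter

WEBMIN_PORTS = {10000, 20000}          # the two ports named in the thread
HALF_OPEN = {"SYN_RECV", "SYN_RCVD"}   # Linux and BSD netstat spellings

# Constructed sample of `netstat -ant` output (documentation address ranges).
SAMPLE = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:10000           0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:10000        203.0.113.7:40112       SYN_RECV
tcp        0      0 192.0.2.10:10000        203.0.113.7:40113       SYN_RECV
tcp        0      0 192.0.2.10:10000        203.0.113.7:40114       SYN_RECV
tcp        0      0 192.0.2.10:20000        203.0.113.7:40115       SYN_RECV
tcp        0      0 192.0.2.10:10000        198.51.100.23:51544     ESTABLISHED
tcp        0      0 192.0.2.10:10000        198.51.100.23:51545     SYN_RECV
tcp        0      0 192.0.2.10:22           203.0.113.7:40200       SYN_RECV
"""

def split_endpoint(endpoint):
    """Split 'addr:port' (Linux) or 'addr.port' (BSD) into (addr, port)."""
    addr, _, port = endpoint.rpartition(":" if ":" in endpoint else ".")
    return addr, port

def half_open_by_source(netstat_text, ports=WEBMIN_PORTS):
    """Count half-open connections to the given local ports, per remote address."""
    counts = Counter()
    for line in netstat_text.splitlines():
        fields = line.split()
        # Skip the header and anything that is not a full TCP socket line.
        if len(fields) < 6 or not fields[0].startswith("tcp"):
            continue
        _, lport = split_endpoint(fields[3])
        raddr, _ = split_endpoint(fields[4])
        if fields[5] in HALF_OPEN and lport.isdigit() and int(lport) in ports:
            counts[raddr] += 1
    return counts

def suspects(netstat_text, threshold=3):
    """Remote addresses holding at least `threshold` half-open connections."""
    counts = half_open_by_source(netstat_text)
    return sorted(ip for ip, n in counts.items() if n >= threshold)

if __name__ == "__main__":
    for ip, n in half_open_by_source(SAMPLE).most_common():
        print(f"{n:5d}  {ip}")
```

If the half-open connections are spread thinly over a very large number of remote addresses, the sources are probably spoofed and a per-IP firewall block will not help.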
