[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[LDM #CSZ-262645]: errant LDM REQUESTs on sirocco.srcc.lsu.edu

Hi David,

Thanks for the quick response to last night's email!

> I have provided ssh access to sirocco from laraine.unidata (user 'ldm',
> passwd: same as the one you use for mistral).

Thanks!  Two problems:

- I no longer have the password that I used to use to access mistral.  I
  can SSH to mistral by virtue of my id_dsa.pub key being included in the
  authorized_keys file on mistral.

- I just tried to SSH to sirocco (using a _very_ old password provided by
  Bob Leche a long time ago), but I had no success as the password was
  not accepted.

Can you send this to my private Unidata email address (address@hidden)
** without reference to the account name or machine for which it is valid ** ?

> I ran a root-kit analyzer
> and checked all the firewall rules - no suspicious activities there.
> Let me know what you find.

I didn't mean to imply that there is a denial of service attach from
sirocco.  The repeated and numerous LDM feed REQUESTs being issued
by sirocco to our IDD top level relay cluster, idd.unidata.ucar.edu,
is effectively acting as a denial of service attach.  This is because
the latest versions of the LDM allow the LDM administrator to set an
upper limit on the number of connections permitted, and that number
is being exceeded by the >160 connection REQUESTs that sirocco had
issued as of last night.  Our only course of action was to blacklist
sirocco's IP until we can determine what is causing the repeated
REQUESTs on sirocco.


Unidata User Support                                    UCAR Unidata Program
(303) 497-8642                                                 P.O. Box 3000
address@hidden                                   Boulder, CO 80307
Unidata HomePage                       http://www.unidata.ucar.edu

Ticket Details
Ticket ID: CSZ-262645
Department: Support LDM
Priority: Normal
Status: Open

NOTE: All email exchanges with Unidata User Support are recorded in the Unidata inquiry tracking system and then made publicly available through the web. If you do not want to have your interactions made available in this way, you must let us know in each email you send to us.