[rbak-nsp] DOS

Marcin Kuczera marcin at leon.pl
Wed Jan 18 19:38:22 EST 2012


Judith Sanders wrote:
> We were experiencing a DOS ssh on our SE800 - we have modified our Border 
> Router ACL and also taken steps to only allow ssh on the management 
> internal interface of the box. Since this has happened our SE800 has 
> been running about 95% CPU and the inetd process has been running about 
> 89% of that. Also we are still not able to log into the box remotely 
> using SSH to the management interface. Just wondering if the processes 
> are running so high that the box will not allow us access until it calms 
> down (so to speak).
> 
> Has anyone had a similar experience with this?

Do you have e.g. a BGP router in context local?
It is a good practice to put all public access functions in a context 
other than local, e.g. BGP can be in context bgp.
In context local, IP for management is private (at least in our case).

In all contexts other than local, there is by default no way to get via 
ssh or telnet to SmartEdge. The only one that works is SNMP.
All access can be configured by admin-access-group ACL per context.

This process (inetd) cannot be restarted by command "process restart", 
but if you switch over XCRPs, then it should calm down (if there is no 
other incoming unwanted traffic).

Regards,
Marcin
