[cod] Disapointed

MayDay MayDay at Players-Inc.dk
Tue Nov 25 19:56:28 EST 2003


This REALLY helped a lot Dave :D

I had no idea samba was that big of a security risk.
Neither did I know that I could cause lag.
I have both samba shares AND smbfs mounts.
I'll remove the crap and use ftp in the future.

server_linux is Teamspeak2, dunno why it spawned so many threads, maybe it's
like apache, thinking it's super important and going to get 1000 connections
in the next few min :D

named:
Think it was me messing around, I have problems resolving hostnames -> IPs,
even ping fails unless I add it to /etc/hosts. I recall that it worked fine
in the past, maybe it's the dhcp server out here that's weird, but my windows
machine works fine.
Anyways I recall something about named when I was trying to fix it.
Now that you mention it I did enable reverse hostname lookup on something,
just can't remember what it was, if it was the samba service it would try
every time somebody on the network tried to connect, and we are about 2000
people on the campus net, and my box can resolve hostnames -> IPs so that
should explain it.
I dunno what package this is in, I could just stop it from starting up ofc,
but would rather remove it altogether.

gateway:
yeah VPN network, hell to get working under linux, but seems to run great,
pings return 1-2ms to danish servers.

rpc.statd:
have no idea what it is and I'm almost positive I didn't install it, is it
default in debian maybe?

portmapper:
part of the rpc package I think, removing this also removed the rpc.statd if
I'm not mistaken.

lpd:
removed, linux printer daemon I reckon, don't need it :D

pptp:
used this to get my VPN running, I saw there was a new vpn module in the 2.6
kernel, but it's experimental.
It is my 100MB line running on this, so all internet traffic comes through
here, windows handled it perfectly. I was surprised to see how poor the
support in linux was for VPN.

Well it's 02:00 here and I can't get it tested until tomorrow but I think it
could be the samba thing.

Thanks a lot again for all the help, not only for this problem but for
explaining linux services in general :D

//MD


----- Original Message -----
From: "Dave Whitla" <dave.whitla at ocean.net.au>
To: <cod at icculus.org>
Sent: Wednesday, November 26, 2003 1:00 AM
Subject: Re: [cod] Disapointed


> MayDay,
>
> I'm not even running the server yet - too damn busy to play games lately
> (despite hanging out for it).  However, I note a few things about your
> process list that could be improved.
>
> I don't believe this is a resource issue, in the obvious sense (ie memory,
> cpu, disk, swap) or bandwidth of your connection - more likely in the way
> your machine is accessing that bandwidth.
>
>
> On Wed, 26 Nov 2003 05:10 am, MayDay wrote:
> > TOP: Sorted after Memory.
> >
> > All the extra services I started like udpb, codbot, uglygs, apache I tried
> > to shut down as well as server logging, still lags.
> >   PID USER      PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+  COMMAND
> >   857 clan      15   0  214m 109m 3084 S  0.0 21.7   2:43.96 cod_lnxded
> >   346 www-data  16   0 72060 3404  69m S  0.0  0.7   0:00.00 apache
> >   694 www-data  15   0 72068 3404  69m S  0.0  0.7   0:00.00 apache
> turn this off - you certainly don't need it and (from the rest of this it looks
> like this might be your first linux install - not having a shot here just
> noting) your default apache settings might specify non-existent files that
> the server keeps looking for for example.
>
> >   864 clan      15   0  5216 3380 3896 S  0.0  0.7   0:00.14 python
> >   315 root      16   0 71932 3124  69m S  0.0  0.6   0:00.03 apache
> >  1018 root      16   0  7152 2472 5692 S  0.0  0.5   0:00.00 smbd
> >   134 root      17   0  5280 2232 3636 S  0.0  0.4   0:00.00 mount.smbfs
> >  1016 root      15   0  5264 2184 3856 S  0.0  0.4   0:00.13 nmbd
> what the? - never run samba on a net connected box unless you really know what
> you are doing security wise.  do you have a win2k/xp machine on the same
> subnet.  i notice really bad lag accessing smb shares on win2k/xp from my
> debian machine in the office - have you mounted an smb share here?
> Either way ditch samba-server - you can keep the client and common packages
> for manual use to connect to a wintendo machine as required.
> apt-get purge samba-server
>
> >   264 root      34  19 19804 2076 2600 S  0.0  0.4   0:01.86 server_linux
> >   265 root      16   0 19804 2076 2600 S  0.0  0.4   0:00.00 server_linux
> >   266 root      15   0 19804 2076 2600 S  0.0  0.4   0:02.01 server_linux
> >   267 root      15   0 19804 2076 2600 S  0.5  0.4   0:19.16 server_linux
> >   268 root      15   0 19804 2076 2600 S  0.5  0.4   0:09.23 server_linux
> >   270 root      16   0 19804 2076 2600 S  0.0  0.4   0:00.00 server_linux
> >   271 root      15   0 19804 2076 2600 S  0.0  0.4   0:00.05 server_linux
> >   272 root      15   0 19804 2076 2600 S  0.0  0.4   0:00.03 server_linux
> >   273 root      15   0 19804 2076 2600 S  0.0  0.4   0:01.02 server_linux
> what is this? - it's running as root by the way
>
> >   244 root      15   0  3024 1964 1820 S  0.0  0.4   0:00.00 named
> You don't need this - and it may be doing domain reverse-lookups depending on
> your inetd config below.  Unless you really need a DNS server use a DNS
> caching client instead.  Incidentally, if this isn't Bind9 you are asking for
> a root-kit.
>
> >  1054 clan      17   0  6164 1892 5592 R  0.0  0.4   0:00.01 sshd
> >  1052 root      17   0  6008 1780 5592 S  0.0  0.3   0:00.01 sshd
> >   854 clan      22   0  3400 1628 2524 S  0.0  0.3   0:00.01 perl
> >   300 root      16   0  3096 1400 2896 S  0.0  0.3   0:00.00 sshd
> >  1055 clan      16   0  2576 1380 2400 S  0.0  0.3   0:00.00 bash
> >   849 clan      16   0  2692 1368 2180 S  0.0  0.3   0:00.01 screen
> >   863 clan      16   0  2692 1368 2180 S  0.0  0.3   0:00.00 screen
> >   230 root      16   0  2232 1240 1360 S  0.0  0.2   0:00.09 klogd
> >   853 clan      16   0  2684 1176 2180 S  0.0  0.2   0:00.00 screen
> >  1056 clan      16   0  2076 1032 1868 R  0.0  0.2   0:00.04 top
> >   236 root      16   0  2376 1028 2000 S  0.0  0.2   0:00.29 pppd
> Looks like the server is also your DSL gateway
>
> >   123 root      16   0  2088 1016 1752 S  0.0  0.2   0:00.00 dhclient
> Necessary if you have a dynamically assigned Internet IP from your DSL
> provider - check the polling interval - unlikely to have anything to do with
> this though.
>
> >   858 clan      15   0  1820 1004  592 S  0.0  0.2   0:00.93 codbot
> >   850 clan      22   0  2296  984 2212 S  0.0  0.2   0:00.00 sh
> >   303 root      18   0  1692  740 1524 S  0.0  0.1   0:00.00 rpc.statd
> Remove this NOW.
>
> >   311 root      16   0  1780  736 1600 S  0.0  0.1   0:00.00 cron
> >   227 root      16   0  1576  628 1408 S  0.0  0.1   0:00.30 syslogd
> >   308 daemon    16   0  1708  628 1544 S  0.0  0.1   0:00.00 atd
> >   237 root      15   0  1584  608 1396 S  0.0  0.1   0:45.37 pptp
> >   127 daemon    15   0  1740  600 1572 S  0.0  0.1   0:00.00 portmap
> Remove this - it is a well known security exploit and is totally unnecessary.
>
> >   286 root      18   0  1612  588 1432 S  0.0  0.1   0:00.00 lpd
> Don't need this - potential security hole also - historically there have been
> lots of LPD exploits.
>
> >   239 root      16   0  1568  576 1396 S  0.0  0.1   0:00.00 pptp
> >   282 root      21   0  1556  536 1400 S  0.0  0.1   0:00.00 inetd
> >     1 root      16   0  1516  512 1364 S  0.0  0.1   0:03.80 init
> >   340 root      17   0  1516  468 1352 S  0.0  0.1   0:00.00 getty
> >   341 root      17   0  1516  468 1352 S  0.0  0.1   0:00.00 getty
> >   342 root      17   0  1516  468 1352 S  0.0  0.1   0:00.00 getty
> >   343 root      16   0  1516  468 1352 S  0.0  0.1   0:00.00 getty
> >   344 root      16   0  1516  468 1352 S  0.0  0.1   0:00.00 getty
> >   345 root      16   0  1516  468 1352 S  0.0  0.1   0:00.00 getty
> >   860 clan      22   0  1532  456 1364 S  0.0  0.1   0:00.00 rm
> >     2 root      34  19     0    0    0 S  0.0  0.0   0:00.00 ksoftirqd/0
> >     3 root       5 -10     0    0    0 S  0.0  0.0   0:00.00 events/0
> >     4 root       5 -10     0    0    0 S  0.0  0.0   0:00.00 kblockd/0
> >     5 root      25   0     0    0    0 S  0.0  0.0   0:00.00 pdflush
> >     6 root      15   0     0    0    0 S  0.0  0.0   0:00.00 pdflush
>
> Also PPTP could be having an impact - I don't use it myself so I can't say
> with any certainty - I have a separate box acting as router/firewall/IPSEC
> gateway because tunnelling is no good to me without encryption.  That said,
> PPTP is in the kernel (is it still marked as experimental? I'm not sure) but
> still has a performance overhead as it encapsulates and unencapsulates
> packets - and here it is tracking several virtual links - do all your clan
> connect over PPTP to this box - it will certainly reduce your player limit.
>
> Before you waste too much time trying to trace the cause it would be best to
> remove all these unnecessary services.
>
> Also, the linux distro isn't so important as the glibc you are using.
> What debian release are you using (stable/testing/unstable) and are you using
> packages from more than 1 release?
>
> If, after you have narrowed the field of potential causes by removing stuff,
> you still have a problem search every file in /var/log for evidence that
> something exceptional is occurring - like errors/warnings that something can't
> be found etc.
>
> You may not get much useful help from guys with big or commercial setups
> because they most likely aren't trying to do so many divergent tasks with the
> one box.
>
> I'm sure you'll post if this is all crap - so I'll keep an eye out.  I want to
> run this server on one of my Debian servers anyway so if it's specific to the
> distro I'll be keen to help you track it down.
>
> Dave
>
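
The process-list triage in the quoted reply can be scripted. The following is an added example, not part of either message: it reads `top` batch rows and reports the services the reply says to remove, plus application servers running as root. The list of servers expected to run unprivileged (`server_linux`, `cod_lnxded`) is an assumption; the sample rows are excerpted from the output quoted above.

```shell
#!/bin/sh
# Added example (not from the thread): flag processes the reply says to remove.

# Rows excerpted from the top output quoted in this thread.
sample_top() {
cat <<'EOF'
  PID USER      PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+  COMMAND
  857 clan      15   0  214m 109m 3084 S  0.0 21.7   2:43.96 cod_lnxded
  346 www-data  16   0 72060 3404  69m S  0.0  0.7   0:00.00 apache
  315 root      16   0 71932 3124  69m S  0.0  0.6   0:00.03 apache
 1018 root      16   0  7152 2472 5692 S  0.0  0.5   0:00.00 smbd
 1016 root      15   0  5264 2184 3856 S  0.0  0.4   0:00.13 nmbd
  264 root      34  19 19804 2076 2600 S  0.0  0.4   0:01.86 server_linux
  265 root      16   0 19804 2076 2600 S  0.0  0.4   0:00.00 server_linux
  244 root      15   0  3024 1964 1820 S  0.0  0.4   0:00.00 named
  300 root      16   0  3096 1400 2896 S  0.0  0.3   0:00.00 sshd
  303 root      18   0  1692  740 1524 S  0.0  0.1   0:00.00 rpc.statd
  127 daemon    15   0  1740  600 1572 S  0.0  0.1   0:00.00 portmap
  286 root      18   0  1612  588 1432 S  0.0  0.1   0:00.00 lpd
EOF
}

# audit_procs: read top batch rows on stdin, print one finding per command.
audit_procs() {
    awk '
    BEGIN {
        # Services the reply recommends removing (reasons paraphrased).
        why["apache"]    = "web server not needed on this box"
        why["smbd"]      = "samba server on a net-connected box"
        why["nmbd"]      = "samba server on a net-connected box"
        why["named"]     = "DNS server not needed, use a caching client"
        why["rpc.statd"] = "RPC service flagged for immediate removal"
        why["portmap"]   = "RPC portmapper, unnecessary"
        why["lpd"]       = "print daemon, history of exploits"
        # Assumption: application servers that should not run as root.
        app["server_linux"] = 1; app["cod_lnxded"] = 1
    }
    $1 ~ /^[0-9]+$/ && NF >= 12 {      # numeric PID: skips the header row
        cmd = $NF
        if (cmd in why) drop[cmd]++
        else if ((cmd in app) && $2 == "root") asroot[cmd]++
    }
    END {
        for (c in drop)   printf "REMOVE %s x%d: %s\n", c, drop[c], why[c]
        for (c in asroot) printf "ROOT %s x%d: run under an unprivileged account\n", c, asroot[c]
    }' | sort
}

sample_top | audit_procs
```

On a live box, `top -b -n 1 | audit_procs` feeds it the current process list.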



