[cod] Disappointed

MayDay MayDay at Players-Inc.dk
Wed Nov 26 04:49:54 EST 2003


Yeah, I am running ssh, and was thinking more of an ftp client, not ftpd  :D

----- Original Message ----- 
From: "James Kreuziger" <jkreuzig at cyberonic.com>
To: <cod at icculus.org>
Sent: Wednesday, November 26, 2003 9:56 AM
Subject: RE: [cod] Disappointed


> 
> >I had no idea samba was that big of a security risk.
> >Neither did I know that it could cause lag.
> >I have both samba shares AND smbfs mounts.
> >I'll remove the crap and use ftp in the future.
> 
> I'd suggest that you ditch the ftp also, and make sure you 
> are running an ssh daemon instead.  There are ssh clients for 
> all different OS's you can think of, and most include an sftp client.  
> Standard ftp is notoriously insecure, as insecure as telnet.  It's 
> worth the minor hit in resources to go with ssh. 
> 
> That's my 2 cents.
> 
> -Jim(whatever)
> 
> ----- Original Message -----
> From: "Dave Whitla" <dave.whitla at ocean.net.au>
> To: <cod at icculus.org>
> Sent: Wednesday, November 26, 2003 1:00 AM
> Subject: Re: [cod] Disappointed
> 
> 
> > MayDay,
> >
> > I'm not even running the server yet - too damn busy to play games lately
> > (despite hanging out for it).  However, I note a few things about your
> > process list that could be improved.
> >
> > I don't believe this is a resource issue, in the obvious sense (ie memory,
> > cpu, disk, swap) or bandwidth of your connection - more likely in the way
> > your machine is accessing that bandwidth.
> >
> >
> > On Wed, 26 Nov 2003 05:10 am, MayDay wrote:
> > > TOP: Sorted after Memory.
> > >
> > > All the extra services I started like udpb, codbot, uglygs, apache I tried
> > > to shut down as well as server logging, still lags.
> > >   PID USER      PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+  COMMAND
> > >   857 clan      15   0  214m 109m 3084 S  0.0 21.7   2:43.96 cod_lnxded
> > >   346 www-data  16   0 72060 3404  69m S  0.0  0.7   0:00.00 apache
> > >   694 www-data  15   0 72068 3404  69m S  0.0  0.7   0:00.00 apache
> > turn this off - you certainly don't need it and (from the rest of this it
> > looks like this might be your first linux install - not having a shot here
> > just noting) your default apache settings might specify non-existent files
> > that the server keeps looking for for example.
> >
> > >   864 clan      15   0  5216 3380 3896 S  0.0  0.7   0:00.14 python
> > >   315 root      16   0 71932 3124  69m S  0.0  0.6   0:00.03 apache
> > >  1018 root      16   0  7152 2472 5692 S  0.0  0.5   0:00.00 smbd
> > >   134 root      17   0  5280 2232 3636 S  0.0  0.4   0:00.00 mount.smbfs
> > >  1016 root      15   0  5264 2184 3856 S  0.0  0.4   0:00.13 nmbd
> > what the? - never run samba on a net connected box unless you really know
> > what you are doing security wise.  do you have a win2k/xp machine on the
> > same subnet.  I notice really bad lag accessing smb shares on win2k/xp from
> > my debian machine in the office - have you mounted an smb share here?
> > Either way ditch samba-server - you can keep the client and common packages
> > for manual use to connect to a wintendo machine as required.
> > apt-get purge samba-server
> >
> > >   264 root      34  19 19804 2076 2600 S  0.0  0.4   0:01.86 server_linux
> > >   265 root      16   0 19804 2076 2600 S  0.0  0.4   0:00.00 server_linux
> > >   266 root      15   0 19804 2076 2600 S  0.0  0.4   0:02.01 server_linux
> > >   267 root      15   0 19804 2076 2600 S  0.5  0.4   0:19.16 server_linux
> > >   268 root      15   0 19804 2076 2600 S  0.5  0.4   0:09.23 server_linux
> > >   270 root      16   0 19804 2076 2600 S  0.0  0.4   0:00.00 server_linux
> > >   271 root      15   0 19804 2076 2600 S  0.0  0.4   0:00.05 server_linux
> > >   272 root      15   0 19804 2076 2600 S  0.0  0.4   0:00.03 server_linux
> > >   273 root      15   0 19804 2076 2600 S  0.0  0.4   0:01.02 server_linux
> > what is this? - it's running as root by the way
> >
> > >   244 root      15   0  3024 1964 1820 S  0.0  0.4   0:00.00 named
> > You don't need this - and it may be doing domain reverse-lookups depending
> > on your inetd config below.  Unless you really need a DNS server use a DNS
> > caching client instead.  Incidentally, if this isn't Bind9 you are asking
> > for a root-kit.
> >
> > >  1054 clan      17   0  6164 1892 5592 R  0.0  0.4   0:00.01 sshd
> > >  1052 root      17   0  6008 1780 5592 S  0.0  0.3   0:00.01 sshd
> > >   854 clan      22   0  3400 1628 2524 S  0.0  0.3   0:00.01 perl
> > >   300 root      16   0  3096 1400 2896 S  0.0  0.3   0:00.00 sshd
> > >  1055 clan      16   0  2576 1380 2400 S  0.0  0.3   0:00.00 bash
> > >   849 clan      16   0  2692 1368 2180 S  0.0  0.3   0:00.01 screen
> > >   863 clan      16   0  2692 1368 2180 S  0.0  0.3   0:00.00 screen
> > >   230 root      16   0  2232 1240 1360 S  0.0  0.2   0:00.09 klogd
> > >   853 clan      16   0  2684 1176 2180 S  0.0  0.2   0:00.00 screen
> > >  1056 clan      16   0  2076 1032 1868 R  0.0  0.2   0:00.04 top
> > >   236 root      16   0  2376 1028 2000 S  0.0  0.2   0:00.29 pppd
> > Looks like the server is also your DSL gateway
> >
> > >   123 root      16   0  2088 1016 1752 S  0.0  0.2   0:00.00 dhclient
> > Necessary if you have a dynamically assigned Internet IP from your DSL
> > provider - check the polling interval - unlikely to have anything to do
> > with this though.
> >
> > >   858 clan      15   0  1820 1004  592 S  0.0  0.2   0:00.93 codbot
> > >   850 clan      22   0  2296  984 2212 S  0.0  0.2   0:00.00 sh
> > >   303 root      18   0  1692  740 1524 S  0.0  0.1   0:00.00 rpc.statd
> > Remove this NOW.
> >
> > >   311 root      16   0  1780  736 1600 S  0.0  0.1   0:00.00 cron
> > >   227 root      16   0  1576  628 1408 S  0.0  0.1   0:00.30 syslogd
> > >   308 daemon    16   0  1708  628 1544 S  0.0  0.1   0:00.00 atd
> > >   237 root      15   0  1584  608 1396 S  0.0  0.1   0:45.37 pptp
> > >   127 daemon    15   0  1740  600 1572 S  0.0  0.1   0:00.00 portmap
> > Remove this - it is a well known security exploit and is totally
> > unnecessary.
> >
> > >   286 root      18   0  1612  588 1432 S  0.0  0.1   0:00.00 lpd
> > Don't need this - potential security hole also - historically there have
> > been lots of LPD exploits.
> >
> > >   239 root      16   0  1568  576 1396 S  0.0  0.1   0:00.00 pptp
> > >   282 root      21   0  1556  536 1400 S  0.0  0.1   0:00.00 inetd
> > >     1 root      16   0  1516  512 1364 S  0.0  0.1   0:03.80 init
> > >   340 root      17   0  1516  468 1352 S  0.0  0.1   0:00.00 getty
> > >   341 root      17   0  1516  468 1352 S  0.0  0.1   0:00.00 getty
> > >   342 root      17   0  1516  468 1352 S  0.0  0.1   0:00.00 getty
> > >   343 root      16   0  1516  468 1352 S  0.0  0.1   0:00.00 getty
> > >   344 root      16   0  1516  468 1352 S  0.0  0.1   0:00.00 getty
> > >   345 root      16   0  1516  468 1352 S  0.0  0.1   0:00.00 getty
> > >   860 clan      22   0  1532  456 1364 S  0.0  0.1   0:00.00 rm
> > >     2 root      34  19     0    0    0 S  0.0  0.0   0:00.00 ksoftirqd/0
> > >     3 root       5 -10     0    0    0 S  0.0  0.0   0:00.00 events/0
> > >     4 root       5 -10     0    0    0 S  0.0  0.0   0:00.00 kblockd/0
> > >     5 root      25   0     0    0    0 S  0.0  0.0   0:00.00 pdflush
> > >     6 root      15   0     0    0    0 S  0.0  0.0   0:00.00 pdflush
> >
> > Also PPTP could be having an impact - I don't use it myself so I can't say
> > with any certainty - I have a separate box acting as router/firewall/IPSEC
> > gateway because tunnelling is no good to me without encryption.  That said,
> > PPTP is in the kernel (is it still marked as experimental? I'm not sure) but
> > still has a performance overhead as it encapsulates and unencapsulates
> > packets - and here it is tracking several virtual links - do all your clan
> > connect over PPTP to this box - it will certainly reduce your player limit.
> >
> > Before you waste too much time trying to trace the cause it would be best
> > to remove all these unnecessary services.
> >
> > Also, the linux distro isn't so important as the glibc you are using.
> > What debian release are you using (stable/testing/unstable) and are you
> > using packages from more than 1 release?
> >
> > If, after you have narrowed the field of potential causes by removing stuff,
> > you still have a problem search every file in /var/log for evidence that
> > something exceptional is occurring - like errors/warnings that something
> > can't be found etc.
> >
> > You may not get much useful help from guys with big or commercial setups
> > because they most likely aren't trying to do so many divergent tasks with
> > the one box.
> >
> > I'm sure you'll post if this is all crap - so I'll keep an eye out.  I
> > want to run this server on one of my Debian servers anyway so if it's
> > specific to the distro I'll be keen to help you track it down.
> >
> > Dave
> >
> 
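
The process-list review quoted above can be repeated mechanically. This is an added example, not code from anyone in the thread: it parses `top` output as pasted into a mail reply, including rows whose COMMAND column a mail client has wrapped onto its own line, and reports the daemons the reviewer said to remove plus anything running as root that is not on an expected list. The `EXPECTED_ROOT` list and the function names are assumptions made for the example.

```python
import re

# Daemons the thread's reviewer said to turn off or remove.
FLAGGED = {"apache", "smbd", "nmbd", "named", "rpc.statd", "portmap", "lpd"}
# Assumption: root-owned processes this host is expected to run.
EXPECTED_ROOT = {"init", "sshd", "cron", "syslogd", "klogd", "getty",
                 "inetd", "pppd", "pptp", "dhclient"}
QUOTE = re.compile(r"^(?:>\s?)+")       # leading "> > >" reply markers
STATES = set("SRDZT")                   # values of top's S (state) column

def parse_top(text):
    """Return (pid, user, virt, command) rows from mail-quoted top output."""
    rows, pending = [], None
    for raw in text.splitlines():
        tok = QUOTE.sub("", raw).split()
        wrapped, pending = pending, None
        if wrapped and len(tok) == 1:   # COMMAND wrapped onto its own line
            rows.append(wrapped + (tok[0],))
        elif len(tok) in (11, 12) and tok[0].isdigit() and tok[7] in STATES:
            row = (int(tok[0]), tok[1], tok[4])
            if len(tok) == 12:
                rows.append(row + (tok[11],))
            else:
                pending = row           # wait for the wrapped COMMAND
    return rows

def audit(rows):
    """Map command -> reason for every process worth a second look."""
    findings = {}
    for _pid, user, virt, cmd in rows:
        if virt == "0":                 # kernel thread, not a daemon
            continue
        if cmd in FLAGGED:
            findings[cmd] = "flagged for removal in the thread"
        elif user == "root" and cmd not in EXPECTED_ROOT:
            findings[cmd] = "runs as root and is not on the expected list"
    return findings

# Excerpt of the process list quoted in this thread, in wrapped mail form.
SAMPLE = """\
> > >  1018 root      16   0  7152 2472 5692 S  0.0  0.5   0:00.00 smbd
> > >   264 root      34  19 19804 2076 2600 S  0.0  0.4   0:01.86
> server_linux
> > what is this? - it's running as root by the way
> > >   300 root      16   0  3096 1400 2896 S  0.0  0.3   0:00.00 sshd
> > >   127 daemon    15   0  1740  600 1572 S  0.0  0.1   0:00.00 portmap
> > >     2 root      34  19     0    0    0 S  0.0  0.0   0:00.00
> ksoftirqd/0
"""
```

`audit(parse_top(SAMPLE))` reports `smbd`, `server_linux` and `portmap`, and skips `sshd` and the kernel thread.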


