dccproc eating up 98% of the CPU

Vernon Schryver vjs@calcite.rhyolite.com
Sat Oct 2 02:51:45 UTC 2004


> From: Ruben Safir Secretary NYLXS 

> I don't know how I can say this or demonstrate this more convincingly
> but there is no firewall

Ok.  What do you figure is the problem?  Do you think that 
   - the public DCC servers have filters against you?
      I don't recall an explicit statement of your IP address, but I
      don't see 64.105.122.138 in
      http://www.rhyolite.com/anti-spam/dcc/client-blacklist
  
  - a bug in the DCC code that only affects your system, and that
      causes `cdcc info` to be unable to raise any DCC servers and
      dccproc to loop?

> This is the NYLXS network on a Covad DSL line.  The server has no
> firewall.  It has a few dev null routes, and does masquarading for
> internal machines, but there is no firewall on any ports.

If "masquarading" means what I think it means, it *is* a firewall
of sorts.

> Covad is not blocking udp 6277 either.   I just ran nmap and found
> an open port UDP 6277 on one of the remote servers.

yes, but as I said before, can UDP packets from UDP port 6277 on 
one of the public DCC servers reach your system?


> I also ran ttcp and aquired this result
>
> www2:~ # ttcp -u  216.244.192.216 -p 6277
> ttcp-r: buflen=8192, nbuf=2048, align=16384/+0, port=5001  udp
> ttcp-r: socket
> ttcp-r: 0 bytes in 49.93 real seconds = 0.00 KB/sec +++
> ttcp-r: 1 I/O calls, msec/call = 51128.26, calls/sec = 0.02
> ttcp-r: 0.0user 0.0sys 0:49real 0% 0i+0d 0maxrss 0+0pf 0+0csw
> www2:~ # ttcp -u  216.244.192.216 -p 6277
> ttcp-r: buflen=8192, nbuf=2048, align=16384/+0, port=5001  udp
> ttcp-r: socket

Why shouldn't trying to send 2048 UDP packets, each with a random
payload of 8 KBytes to a public DCC server as fast as possible be
seen as a denial of service attack that requires permanently
blacklisting you and everyone you know?


> > Previous version of the DCC clients have had rare infinite loops, but
> > none are known today.  I assume you have used `cdcc -V` and 
> > `dccproc -V` to ensure that you are running the version 1.2.54 that
> > you said you are running.
>
> Now that might be something
>
> www2:~ # cdcc -V
> 1.2.36

(heavy sigh #4)


Vernon Schryver    vjs@rhyolite.com



More information about the DCC mailing list

Contact vjs@rhyolite.com by mail or use the form.