dccproc eating up 98% of the CPU

Ruben Safir Secretary NYLXS ruben@mrbrklyn.com
Sat Oct 2 03:09:34 UTC 2004


On Fri, Oct 01, 2004 at 08:51:45PM -0600, Vernon Schryver wrote:
> > From: Ruben Safir Secretary NYLXS 
> 
> > I don't know how I can say this or demonstrate this more convincingly
> > but there is no firewall
> 
> Ok.  What do you figure is the problem?  Do you think that 
>    - the public DCC servers have filters against you?
>       I don't recall an explicit statement of your IP address, but I
>       don't see 64.105.122.138 in
>       http://www.rhyolite.com/anti-spam/dcc/client-blacklist
>   
>   - a bug in the DCC code that only affects your system, and that
>       causes `cdcc info` to be unable to raise any DCC servers and
>       dccproc to loop?

I'm using broken or old code :)

I have no doubts its my fault, I was just going nuts trying to fix it.
You nailed it with the wrong dcc version.  I was using 1.26 or something
like that.  

> 
> If "masquarading" means what I think it means, it *is* a firewall
> of sorts.
> 

Well, it's using IP Tables to masquared, but no firewall port blocking

#/sbin/route add -net 64.124.0.0 netmask 255.255.0.0 reject #above.net spam
/sbin/route add default gw 64.105.122.137 dev eth1
/sbin/route add 10.0.0.0 gw 10.0.0.5 dev eth1

## MASQUERADING Rule ##
/usr/sbin/iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE

## NAT Setup for flatbush
/sbin/ifconfig eth1:1 64.105.122.139 netmask 255.255.255.0
/usr/sbin/iptables -t nat -A PREROUTING -d 64.105.122.139 -i eth1 -j DNAT \
	  --to-destination 10.0.0.62
/usr/sbin/iptables -t nat -A PREROUTING -p tcp -d 64.105.122.139 -i eth1 \
	   --dport 80 -j DNAT --to-destination 10.0.0.62:80
/usr/sbin/iptables -t nat -A PREROUTING -p tcp -d 64.105.122.139 -i eth1 \
	   --dport 443 -j DNAT --to-destination 10.0.0.62:443

Thats the script I wrote for the masqurading.  I could know a lot more about
firewalls.


	   
> 
> yes, but as I said before, can UDP packets from UDP port 6277 on 
> one of the public DCC servers reach your system?
> 

How do you test that if you don't have something listening on that  port?

> 
> Why shouldn't trying to send 2048 UDP packets, each with a random
> payload of 8 KBytes to a public DCC server as fast as possible be
> seen as a denial of service attack that requires permanently
> blacklisting you and everyone you know?
> 

Say again?  Did I create a DOS event?  Very sorry.  If was not intentional, and only a few 
seconds to a single host.

Ruevain



-- 
__________________________
Brooklyn Linux Solutions

So many immigrant groups have swept through our town 
that Brooklyn, like Atlantis, reaches mythological 
proportions in the mind of the world  - RI Safir 1998

DRM is THEFT - We are the STAKEHOLDERS - RI Safir 2002
http://fairuse.nylxs.com

http://www.mrbrklyn.com - Consulting
http://www.inns.net <-- Happy Clients
http://www.nylxs.com - Leadership Development in Free Software
http://www2.mrbrklyn.com/resources - Unpublished Archive or stories and articles from around the net
http://www2.mrbrklyn.com/downtown.html - See the New Downtown Brooklyn....




More information about the DCC mailing list

Contact vjs@rhyolite.com by mail or use the form.