similar to: Linux Zombie Web Servers

Fred Smith wrote: > On Fri, Aug 02, 2019 at 08:22:06AM +0100, Pete Biggs wrote: > >> >>> This is just the first screen of it, there are many more. The data >>> compiled here is for the last month (rsyslog is keeping the current log >>> plus four older logs). I find it disturbing that there were 12251 >>> attempts at telnet during that time, 2154 on

On Fri, Aug 02, 2019 at 08:22:06AM +0100, Pete Biggs wrote: > > > This is just the first screen of it, there are many more. The data > > compiled here is for the last month (rsyslog is keeping the current > > log plus four older logs). I find it disturbing that there were 12251 > > attempts at telnet during that time, 2154 on 8080, and so forth. either > > I'm

http://blog.mellenthin.de/archives/2008/12/30/25c3-hangover/ says, in a writeup about the recent CCC meeting, "Sehr interessant war Squeezing Attack Traces und Stormfucker: Owning the Storm Botnet. Zuerst wurden konkrete Techniken gezeigt, wie man Malware analysieren kann. Die Zentrale Idee ist hier, statt eine Sandbox (Windows in einer VM) zu verwenden, die Requests unter Linux an Wine

On Fri, Aug 02, 2019 at 09:28:23AM -0400, mark wrote: > Fred Smith wrote: > > On Fri, Aug 02, 2019 at 08:22:06AM +0100, Pete Biggs wrote: > > > >> > >>> This is just the first screen of it, there are many more. The data > >>> compiled here is for the last month (rsyslog is keeping the current log > >>> plus four older logs). I find it

Hi, I've come across some messages from sshd (OpenSSH 6.7) in my auth.log that I hadn't noticed before: sshd[32008]: error: Received disconnect from x.x.x.x: 3: \ com.jcraft.jsch.JSchException: Auth fail [preauth] I was kinda puzzled why sshd would emit some JCraft[0] messages and the best explanation I found was this Serverfault[1] answer, quoting a snippet from packet.c:1965

For even more information about "Heartbleed". -Connie Sieh ---------- Forwarded message ---------- Date: Wed, 9 Apr 2014 12:27:54 -0500 From: The SANS Institute <NewsBites at sans.org> Subject: FLASH NewsBites - Heartbleed Open SSL Vulnerability FLASH NewsBites - Heartbleed Open SSL Vulnerability FLASH NewsBites are issued only when a security event demands global and immediate

Hi all, Our network is suspected to be infected by malware by the detector in upline network. Turns out that some of our developers use 1.1.1.1 as a "pinging testing". Google comes to my knowledge that 1.1.1.1 is not a private IP anymore? Since when? Also Google says 1.1.1.1 is well-known to be used by botnet command and control host?? I've blocked it in the local gateway. Just

> This is just the first screen of it, there are many more. The data > compiled here is for the last month (rsyslog is keeping the current > log plus four older logs). I find it disturbing that there were 12251 > attempts at telnet during that time, 2154 on 8080, and so forth. either > I'm some kind of special/hot target, or else everybody gets this kind > of crap and may not

On 02/04/2015 07:55 PM, Always Learning wrote: > Rent ? That costs money. Just crack open some Windoze machines and do > it for free. That is what many hackers do. Those crackers who build these botnets are the ones who rent out botnet time to people who just was to get the work done. There is a large market in botnet time. > > Is this safe enough ? > >

Hi, Since upgrading our mail servers to Postfix/Dovecot, we've seen a rather large increase in botnet brute force password attacks. I guess our old servers were too slow to suit their needs. Now, when they hit upon a valid user, it's easy to see what passwords they are trying (we've enabled auth_debug_passwords and set auth_verbose_passwords = plain). We can easily have log

Hello, While reading Dan North''s BDD tutorial <http://dannorth.net/introducing-bdd>, I tried to implement his ATM example as spec stubs. When I first implemented it creating a context for each of his scenarios, I noticed that there is duplication and a combinatorial explosion of the specs. I attached the full files to this email. For brevity, I will use scenario 1 in the body of

> On Jul 28, 2015, at 6:32 PM, Warren Young <wyml at etr-usa.com> wrote: > > On Jul 28, 2015, at 4:37 PM, Nathan Duehr <denverpilot at me.com> wrote: >> >>> On Jul 28, 2015, at 11:27, Warren Young <wyml at etr-usa.com> wrote: >>> >>> So no, your local password quality policy is not purely your own concern. >> >> Other than

> On Feb 4, 2015, at 5:55 PM, Always Learning <centos at u64.u22.net> wrote: > > On Wed, 2015-02-04 at 17:50 -0700, Warren Young wrote: > >>> rent time on a 6,000 machine botnet. > > Rent ? That costs money. Just crack open some Windoze machines and do > it for free. That is what many hackers do. Acquiring your own botnet requires time and effort. Renting

On Tue, July 28, 2015 19:46, Warren Young wrote: > > iPads can???t be coopted into a botnet. The rules for iPad passwords > must necessarily be different than for CentOS. > http://www.tomsguide.com/us/ios-botnet-hacking,news-19253.html -- *** e-Mail is NOT a SECURE channel *** Do NOT transmit sensitive data via e-Mail James B. Byrne

Dear listers, I'm facing a puzzling situation with Digium TDM2400 card (12 FXO / 12 FXS). Once a day or so we detect 1 or 2 zombie FXO channels. These can be either outbound or inbound calls. I thought this could be related to obsolete DAHDI or Asterisk versions, so I upgraded to 2.4.0 and 1.6.2.15 respectively (OS: Ubuntu 10.04 64 bits). To no avail; the zombie channels keep showing up.

If someone posted already, forgive me I get the digest. http://www.tgdaily.com/content/view/43480/108/ Scientists get a million Linux kernels to run at once Scientists at Sandia National Laboratories in Livermore, have run more than a million Linux kernels as virtual machines. (how long before shared hosts use this....lol) The technique will allow them to effectively observe behaviour found

Hello Asterisk users, We noticed that on Asterisk 12 zombie processes are being generated - They are released after a while, but we have around 10-20 zombie processes running. We are not sure if this is a normal behavior or an issue. We saw in the documentation that the bridging module creates zombie processes - is it related? Thank you, Yaron. -------------- next part -------------- An HTML

Hi all, Some time ago I posted an issue regarding the hangup of active calls from the CLI and someone told me that "soft hangup" should work. Well, in fact it does work, but only if the channel is known, i.e. it doesn't work for zombie channels. For example, I have this scenario (CLI output of command "iax2 show channels") IP-AM-PBX*CLI> iax2 show channels Channel

I'm monitoring Asterisk with Nagios. Nagios constantly alerts because of too many zombie processes. I eventually had to disable the notification for the alert but why does Asterisk create so many zombie processes, I've see more than 30 at times and it generally stays in the 20s... just seems unusual and wondering if it's harmful, thanks in advance. -------------- next part

Hello, We are running Asterisk-1.0.12 in a CentOS 4-4.2 system, kernel 2.6.9-42.0.3.ELsmp. We have some custom AGI, and when we launch Asterisk the system works fine. But **after some time**, each AGI execution generates a zombie <defunct> process. We believe that it's not a problem in the AGI code, because Asterisk+AGI is working fine in the first "n" minutes/hours. This