Re: FC4, named & system hang


 



Mike McMullen wrote:

----- Original Message ----- From: "Mike McMullen" <mlm@xxxxxxxxxxxxxxxxxx>



Hi All,

I am experiencing occasional hangs on an FC4 web server that is
also a name server. After rebooting the only thing I see in the logs
are about a zillion messages from named stating "RCODE (SERVFAIL)".

Here is an example:

Jul 14 02:03:37 www named[1652]: unexpected RCODE (SERVFAIL) resolving '52.134.78.140.in-addr.arpa/PTR/IN': 140.78.2.62#53

These messages go on for about 15-18 minutes and then the system hangs.

I'm assuming it's some type of hacking attempt.

Can anyone give me some insight on what might be happening here and better
yet how to prevent it?

Thanks,

Mike

Reviewing the logs more closely I also see brute force attempts on sshd. I have a rule set up in iptables to disable login attempts for 1 minute if there are 3 attempts a minute.

The logs show the same site being blocked and then trying again about 5 minutes later.

However, the system hang occurs about 7-8 minutes after the last ssh attempt and about
100-200 RCODE errors later.

Any help appreciated!

Mike


Maybe you should look into denyhosts. I believe it's in the Extras repository, and you can configure it to deny access to sshd from any IP address that repeatedly fails logins (brute force attacks). There's also a configuration option that allows you to block all internet services to that IP address.

Sorry I can't help you with why your system is hanging, but if you're not being brute force attacked, maybe your system won't hang anymore.

Hope this helps,
Justin Willmert
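
An added example, not part of either message: a small Python script that tallies named "unexpected RCODE (SERVFAIL)" lines in the format quoted above, per minute, per looked-up address and per upstream server, so the result can be compared against the sshd entries in the same log. Only the first sample line comes from the post; the other lines and the names ptr_to_ip and summarize are constructed for illustration.

```python
import re
from collections import Counter

# Sample input: the first line is the one quoted in the post, the rest are constructed.
SAMPLE = """\
Jul 14 02:03:37 www named[1652]: unexpected RCODE (SERVFAIL) resolving '52.134.78.140.in-addr.arpa/PTR/IN': 140.78.2.62#53
Jul 14 02:03:41 www named[1652]: unexpected RCODE (SERVFAIL) resolving '52.134.78.140.in-addr.arpa/PTR/IN': 140.78.2.62#53
Jul 14 02:04:02 www named[1652]: unexpected RCODE (SERVFAIL) resolving '7.2.0.192.in-addr.arpa/PTR/IN': 192.0.2.53#53
Jul 14 02:04:05 www sshd[2301]: constructed unrelated line, ignored by the parser
"""

# Timestamp is captured to the minute so that lines bucket per minute.
LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d):\d\d\s+\S+\s+named\[\d+\]:\s+"
    r"unexpected RCODE \((?P<rcode>\w+)\) resolving "
    r"'(?P<qname>[^/']+)/(?P<qtype>\w+)/(?P<qclass>\w+)':\s+"
    r"(?P<server>[0-9a-fA-F.:]+)#(?P<port>\d+)"
)

def ptr_to_ip(qname):
    """Turn an in-addr.arpa name back into the dotted IPv4 address, else None."""
    name = qname.rstrip(".").lower()
    suffix = ".in-addr.arpa"
    if not name.endswith(suffix):
        return None
    labels = name[:-len(suffix)].split(".")
    if len(labels) != 4 or not all(x.isdigit() and int(x) <= 255 for x in labels):
        return None
    return ".".join(reversed(labels))

def summarize(text):
    """Count SERVFAIL lines per minute, per looked-up address, per upstream server."""
    per_minute, looked_up, upstream = Counter(), Counter(), Counter()
    for line in text.splitlines():
        m = LINE.match(line)
        if not m or m["rcode"] != "SERVFAIL":
            continue
        per_minute[m["ts"]] += 1
        upstream[m["server"]] += 1
        # Reverse lookups are reported by the address being resolved.
        looked_up[ptr_to_ip(m["qname"]) or m["qname"]] += 1
    return per_minute, looked_up, upstream

if __name__ == "__main__":
    for title, counts in zip(("per minute", "looked up", "upstream"), summarize(SAMPLE)):
        print(title)
        for key, n in counts.most_common(10):
            print(f"  {n:6d}  {key}")
```

The "looked up" column lists the addresses whose reverse DNS failed, which can be checked against the source addresses in the sshd log entries for the same minutes.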

