Results 1 to 9 of 9

Thread: Unexpected crash attempts

  1. #1

    Unexpected crash attempts

    Well, most of us are watching for normal attempts to break in, logging what ever we can.

    Some happy asshole around me was bent not on breaking in, but just breaking period. SO, he setup some script to attempt ftp/http connections, with as much text as possible. The effect? My logging setup was extremely verbose, and the log partition filled up VERY fast. Fast enough that my rotation cron didn't come quick enough for it to jump up to 100%. once your logs reach 100%, some strange stuff happens... adn really, I have no clue what the person did once the logs filled up.


    Moral of the story, keep an eye on the log sizes....

  2. #2
    Senior Member
    Join Date
    May 2001
    Posts
    472

    Re: Unexpected crash attempts

    This is why some people like to put whatever directory the logs are going to live in on a separate partition/filesystem.

  3. #3

    Re: Unexpected crash attempts

    It was on a seperate partition. But when apps can't append to their logs, some arn't happy...

    but yes, this is yet another reason to seperate out the logs. A few unhappy apps is far better than a / at 100%

  4. #4
    Guest

    Re: Unexpected crash attempts

    The world is full of morons.....

  5. #5
    Moderator
    Good Guru
    Compunuts's Avatar
    Join Date
    May 2001
    Location
    California
    Posts
    3,935

    Re: Unexpected crash attempts

    That's exactly the log size attack. There are some tools just to offend your box so that you will filled up with logs and then the box simply crash.

    Mostly the defense is put on separate box, log watch to monior the partition size and then just SSH in and delete everything you see in the log with .gz and .0 to make room.

    Most will not do this kind of attack since it also drains the attacker(s)'s resources as well.

  6. #6

    Re: Unexpected crash attempts

    Yep, having a loghost is pretty cool.

    We have one loghost at work, and where the logs go on THAT box is just an nfs mount to a netapp. TONS of space, but I can tail -f one file and get system logs from all 1000+ nodes... pretty cool if you ask me (;

  7. #7

    Re: Unexpected crash attempts

    wonder how hard it would be to build a script to check your log partition's free space every now and again?

    --Vendetta

  8. #8

    Re: Unexpected crash attempts


    wonder how hard it would be to build a script to check your log partition's free space every now and again?

    --Vendetta
    Extremely easy... cd /log/partition ; df -h . > mail root@localhost

    drop that into a cron job, and away you go.

  9. #9

    Re: Unexpected crash attempts

    hell you could drop that in at the head of your logcheck script

Similar Threads

  1. namad crash, but not sure :-)
    By GNEEOT in forum Ubuntu / Debian
    Replies: 4
    Last Post: 01-27-2007, 06:31 PM
  2. Crash
    By GNEEOT in forum Linux - General Topics
    Replies: 8
    Last Post: 07-13-2006, 09:54 AM
  3. Unexpected server outage
    By genesis in forum Announcements and Suggestions
    Replies: 5
    Last Post: 02-06-2005, 02:11 AM
  4. Car crash video
    By cloverm in forum General Chat
    Replies: 12
    Last Post: 08-08-2004, 04:03 AM
  5. App crash
    By Bogler in forum Linux - Software, Applications & Programming
    Replies: 9
    Last Post: 01-16-2002, 01:01 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •