[Serusers] Ser stop responding requests when scanned with SiVuS

Greger V. Teigre greger at teigre.com
Mon Oct 24 11:43:18 CEST 2005


I cross-post to serdev as it is more relevant there.

Dear Hoa,
I don't see anything wrong there.  Obviously, ser doesn't like the messages being sent, but I don't see anything that can explain why it stops processing.

Do you have anything in the send or receive queue? (netstat -nlp)

At the end of the logfile, do you continue to send messages, but ser does not even print debug messages?

It seems that ser is handling resending etc. after the last message was received, so I cannot really attach the problem to a single message.

I think maybe somebody else needs to follow up on this; I'm not really sure how to proceed now. :-)
g-)

  ----- Original Message ----- 
  From: Hoa Thai Duy 
  To: 'Greger V. Teigre' ; serusers at lists.iptel.org 
  Sent: Monday, October 24, 2005 11:04 AM
  Subject: RE: [Serusers] Ser stop responding requests when scanned with SiVuS


  Dear Greger

   

  Processes

  [root at test01 root]# ps -ax
    PID TTY      STAT   TIME COMMAND
      1 ?        S      2:45 init
      2 ?        SW     0:00 [migration/0]
      3 ?        SW     0:00 [migration/1]
      4 ?        SW     0:00 [keventd]
      5 ?        SWN    0:00 [ksoftirqd_CPU0]
      6 ?        SWN    0:00 [ksoftirqd_CPU1]
     11 ?        SW     0:00 [bdflush]
      7 ?        SW     2:33 [kswapd]
      8 ?        SW     0:04 [kscand/DMA]
      9 ?        SW    23:56 [kscand/Normal]
     10 ?        SW     0:05 [kscand/HighMem]
     12 ?        SW     0:39 [kupdated]
     13 ?        SW     0:00 [mdrecoveryd]
     21 ?        SW     7:13 [kjournald]
    618 ?        SW     0:00 [kjournald]
    869 ?        S      1:10 syslogd -m 0
    873 ?        S      0:00 klogd -x
    883 ?        S      1:34 /usr/sbin/sshd
   1032 ?        SW     3:21 [vmmemctl]
   1096 ?        S     81:30 /usr/sbin/vmware-guestd --background /var/run/vmware-guestd.pid
   1106 ?        S      0:00 login -- root     
   1108 tty2     S      0:00 /sbin/mingetty tty2
   1109 tty3     S      0:00 /sbin/mingetty tty3
   1110 tty4     S      0:00 /sbin/mingetty tty4
   1113 tty5     S      0:00 /sbin/mingetty tty5
   1114 tty6     S      0:00 /sbin/mingetty tty6
   1197 tty1     S      0:00 -bash
   1574 ?        S      5:33 svscan /etc/service
   2248 ?        S      0:00 /bin/sh /command/svscanboot
   2250 ?        S      5:40 svscan /etc/service
   2251 ?        S      0:00 readproctitle service errors: ...........................................................................
   8290 ?        S    152:15 python2.3 ./proxydispatcher.py --log=/usr/local/mediaproxy/log_dispatcher
   9912 ?        S      0:00 /bin/sh ./bin/mysqld_safe --user=mysql
   9936 ?        S      0:03 [mysqld]
   9937 ?        S      3:05 [mysqld]
   9938 ?        S      0:00 [mysqld]
   9939 ?        S      0:00 [mysqld]
   9940 ?        S      0:00 [mysqld]
   9941 ?        S      0:00 [mysqld]
   9942 ?        S      9:40 [mysqld]
   9943 ?        S     14:47 [mysqld]
   9944 ?        S      0:00 [mysqld]
   9945 ?        S      0:00 [mysqld]
  17660 ?        S      0:00 in.tftpd -l -s /root/tftpboot/
  20616 ?        S     21:31 /usr/bin/perl /usr/bin/radiusd radiusd -dictionary dictionary -config_file /usr/local/etc/raddb/radius.cf
  23564 ?        S      0:00 /usr/lib/rpm/rpmq -q --all
  20136 ?        S      0:04 /usr/sbin/sshd
  20138 pts/2    S      0:00 -bash
  20182 pts/0    S      0:00 -bash
  20235 pts/2    S      0:01 ./openser -f /home/config-file/ser.cfg start
  20236 pts/2    S      0:00 ./openser -f /home/config-file/ser.cfg start
  20237 pts/2    S      0:00 ./openser -f /home/config-file/ser.cfg start
  20238 ?        S      0:00 [mysqld]
  20528 pts/0    R      0:00 ps -ax

   

  This is what top shows right after it stops responding to clients

   

  15:30:47  up 23 days, 23:23,  3 users,  load average: 0.28, 0.10, 0.03
  54 processes: 53 sleeping, 1 running, 0 zombie, 0 stopped
  CPU0 states:   0.5% user   2.0% system    0.0% nice   0.0% iowait  96.4% idle
  CPU1 states:   0.1% user   0.3% system    0.0% nice   0.0% iowait  99.1% idle
  Mem:   513204k av,  473224k used,   39980k free,       0k shrd,   45344k buff
                      220468k actv,    1512k in_d,    9504k in_c
  Swap: 1044216k av,       0k used, 1044216k free                  334832k cached

    PID USER     PRI  NI  SIZE  RSS SHARE STAT %CPU %MEM   TIME CPU COMMAND
   8290 root      21   0  5084 5084  2552 S     0.7  0.9 152:12   1 python2.3
  20219 root      15   0  1132 1132   856 R     0.5  0.2   0:04   0 top
    883 root      15   0  1500 1500  1256 S     0.3  0.2   1:38   0 sshd
  20235 root      15   0  4832 4832  4064 S     0.3  0.9   0:01   0 openser
   1096 root      17   0  6472 6472   472 S     0.1  1.2  81:28   1 vmware-guestd
      1 root      15   0   472  472   420 S     0.0  0.0   2:44   1 init
      2 root      RT   0     0    0     0 SW    0.0  0.0   0:00   0 migration/0
      3 root      RT   0     0    0     0 SW    0.0  0.0   0:00   1 migration/1
      4 root      15   0     0    0     0 SW    0.0  0.0   0:00   0 keventd
      5 root      34  19     0    0     0 SWN   0.0  0.0   0:00   0 ksoftirqd_CPU0
      6 root      34  19     0    0     0 SWN   0.0  0.0   0:00   1 ksoftirqd_CPU1
     11 root      25   0     0    0     0 SW    0.0  0.0   0:00   0 bdflush
      7 root      15   0     0    0     0 SW    0.0  0.0   2:33   0 kswapd
      8 root      15   0     0    0     0 SW    0.0  0.0   0:04   1 kscand/DMA
      9 root      15   0     0    0     0 SW    0.0  0.0  23:56   0 kscand/Normal
     10 root      15   0     0    0     0 SW    0.0  0.0   0:05   0 kscand/HighMem
     12 root      15   0     0    0     0 SW    0.0  0.0   0:39   1 kupdated
     13 root      25   0     0    0     0 SW    0.0  0.0   0:00   0 mdrecoveryd
     21 root      15   0     0    0     0 SW    0.0  0.0   7:13   1 kjournald
    618 root      19   0     0    0     0 SW    0.0  0.0   0:00   1 kjournald
    869 root      15   0   580  580   504 S     0.0  0.1   1:10   1 syslogd
    873 root      15   0   424  424   376 S     0.0  0.0   0:00   1 klogd

   

   

  The SER log is at http://s13.yousendit.com/d.aspx?id=2E1VPTKYK3EL9353MJ1NB73LJ0

  Brgds
  Hoa

   

   


------------------------------------------------------------------------------

  From: Greger V. Teigre [mailto:greger at teigre.com] 
  Sent: Monday, October 24, 2005 12:23 PM
  To: Hoa Thai Duy; serusers at lists.iptel.org
  Subject: Re: [Serusers] Ser stop responding requests when scanned with SiVuS

   

  Hoa,

  That server is not responding right now. But it would be helpful if you could provide any log messages from ser and more info on processes running, what top shows etc.

  g-) 

    ----- Original Message ----- 
    From: Hoa Thai Duy 
    To: serusers at lists.iptel.org 
    Sent: Monday, October 24, 2005 05:30 AM
    Subject: [Serusers] Ser stop responding requests when scanned with SiVuS

     

    Hi all

     

    Yesterday, I downloaded and scanned my stable SER system (production), and it stopped responding to Subscriber requests.

    The Tool is at http://vopsecurity.org/sivus-1.09.exe, remember to have JRE installed on Windows.

     

    I deployed the configuration guideline at onsip, OpenSER 0.9.5

    Has anyone tested the Security Scanner? Pls. help

     

    Brgds

     

    Hoa

     

     

