Attack? Upcoming Changes

     Today around 5pm we had some sort of issue that caused a large number of xrdp programs to be running on Ubuntu, Centos7, and Scientific7 at the same time, causing a large CPU load and slow response on these servers.  These did not seem to be operating normally but were stuck in some sort of loop chewing up CPU.

     I also noticed some kernel messages about SYN flooding on port 3389, which is the RDP port.  I got into the router to try to do a traffic analysis to find where these were coming from, but by the time I did they had stopped.

     So either a badly behaving client or a new type of mystery denial of service attack.  Don’t know which as I have not seen these before and they did not last long enough to determine the source.
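An added example, not part of the original post: since the event ended before its source could be traced, a per-source tally of half-open connections on port 3389 can be recorded on the server itself while the kernel is reporting the flood. It assumes a Linux host with iproute2's `ss`; the sample lines and addresses are constructed, and the function names are illustrative.

```python
"""Tally half-open (SYN-RECV) connections per source for one listening port."""
import subprocess
from collections import Counter

RDP_PORT = 3389

# Constructed sample of `ss -Htn state syn-recv` output (documentation addresses).
SAMPLE = """\
0 0 203.0.113.10:3389 198.51.100.23:51512
0 0 203.0.113.10:3389 198.51.100.23:51513
0 0 203.0.113.10:3389 198.51.100.77:40112
0 0 203.0.113.10:22 192.0.2.5:50000
0 0 [2001:db8::10]:3389 [2001:db8::99]:40000
"""

def split_endpoint(field):
    """Split 'addr:port' or '[v6]:port' into (addr, port); None if not an endpoint."""
    addr, sep, port = field.rpartition(":")
    if not sep or not port.isdigit():
        return None
    return addr.strip("[]"), int(port)

def tally_sources(ss_output, port=RDP_PORT):
    """Count SYN-RECV entries per peer address whose local port equals `port`."""
    counts = Counter()
    for line in ss_output.splitlines():
        # Keep only endpoint-shaped fields, so queue sizes or a state column are ignored.
        endpoints = [e for e in map(split_endpoint, line.split()) if e]
        if len(endpoints) < 2:
            continue  # blank line, header, or unexpected format
        (_, local_port), (peer, _) = endpoints[-2], endpoints[-1]
        if local_port == port:
            counts[peer] += 1
    return counts

def snapshot(port=RDP_PORT):
    """Run ss on a live Linux host and tally the current half-open connections."""
    out = subprocess.run(["ss", "-Htn", "state", "syn-recv"],
                         capture_output=True, text=True, check=True).stdout
    return tally_sources(out, port)

if __name__ == "__main__":
    for peer, n in tally_sources(SAMPLE).most_common():
        print(f"{n:6d}  {peer}")
```

Source addresses in a SYN flood can be spoofed, so the tally is a lead for the router-side traffic analysis rather than proof of origin.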

     Then with respect to changes, I’ll be changing the SunOS 4.1.4 server currently at “eskimo.com” to “sunos.eskimo.com”; it will still be reachable only from the network internally.  This is in preparation for installation of the new router, which officially does not support NAT (it actually does, just not officially; it is Debian based and uses legacy iptables, so there is nothing that prevents me from using iptables to implement NAT, but it is not officially supported).  At any rate this will simplify configurations all around.

     Sometime in the not too distant future we will be doing another kernel upgrade, but it will need to be either after I get my car back from the shop or when I know my wife will be off work, as the potential for systemd to hang is always present.

     Other people have successfully gotten SunOS 4.1.4 working on qemu emulation, so I know it is doable.  I recently did succeed in getting a qemu emulation working doing UltraSparc emulation and running Red Hat 6.2 for 64-bit Sparc, and the performance was actually quite reasonable, so it is my long-term plan to move it to an emulator.  I’ve got it working to the point where I can boot from the install disk but haven’t been able to figure out the correct numbers to partition and install to a virtual disk just yet.  It is not supported properly from virt-manager, so I have to create this entirely by hand.
