[ale] Known vulnerabilities in whois? (called by fail2ban)
Rich Faulkner
rfaulkner at 34thprs.org
Thu Mar 25 23:40:43 EDT 2010
Say, any ideas why I cannot get CentOS 32 or 64-bit live disk to boot?
Both keep throwing an error about reserved memory and go nowhere? I can
boot on my laptop (now running Fedora 12) but still get some errors. I
already tried pulling copies from two different servers but still get
the same error.
Thoughts? I'd REALLY like to get CentOS 5 running and drive 9.10 and
whatever else I want from there as VMs.
On Thu, 2010-03-25 at 23:17 -0400, wolf at wolfhalton.info wrote:
> Take one CentOS and call me in the morning.
> Fedora is __Supposed_to_be__ a bleeding-edge experimental distro.
> I gave it up for CentOS, even though CentOS has upgrades farther apart
> \\ I mean _Because_ CentOS has upgrades farther apart.
> I know people running OpenSolaris because it has historically had long
> end-of-life, like 10 years.
>
> On the other hand, I generally test alpha flights of Ubuntu (in VMs,
> these days) for entertainment.
>
> Dr Wolf
>
>
>
> -----Original Message-----
> From: Jim Kinney <jim.kinney at gmail.com>
> Reply-to: Atlanta Linux Enthusiasts - Yes! We run Linux! <ale at ale.org>
> To: Atlanta Linux Enthusiasts - Yes! We run Linux! <ale at ale.org>
> Subject: Re: [ale] Known vulnerabilities in whois? (called by
> fail2ban)
> Date: Thu, 25 Mar 2010 16:19:50 -0400
>
>
>
> On Thu, Mar 25, 2010 at 3:43 PM, Neal Rhodes <neal at mnopltd.com>
> wrote:
> Something odd today.
>
> Fedora Core 10 system dog slow. Yes, I should upgrade. Is
> there a drug you can legally take to help you forget the prior
> pain of Fedora upgrades?
>
>
> Alcohol (to steel the nerves) followed by system reinstall followed by
> lots more alcohol (to fight back the tears) and a few Xanax (um, why not
> at this point?) for good measure.
>
>
> Top shows that whois is taking 80% of cpu.
>
> whois being called by fail2ban, which is about to cut off
> access to some wanker trying random passwords. It does a
> whois first to get some descriptive detail for the logs.
>
> It was trying to do:
> 17753 ? R 508:58 |
> \_ /usr/bin/whois 203.171.30.41
>
> You can see it ate a pile of cpu. I killed it off and all
> seems to be ok. Inquiring minds are curious if those doing
> external ssh attempts are getting wise to the notion that
> fail2ban will spot them and then close them down, and are now
> attempting to either:
> A. find/use a vulnerability in whois, or
> B. just make the whole fail2ban process hang for a
> while longer so they get more chances to guess.
>
>
> Set up a cron that looks for long-running whois and kill it until you
> can cycle through the above process :-)
>
>
>
>
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo
>
>
>
>
> --
> --
> James P. Kinney III
> Actively in pursuit of Life, Liberty and Happiness
>
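The cron-driven cleanup suggested in the quoted reply above ("looks for long-running whois and kill it"), sketched as an added example that is not part of the original thread. `MAX_AGE`, the function names and the `whois-reaper` log tag are assumptions, the sample `ps` lines are constructed, and the `etimes` column requires a procps-ng `ps`.

```shell
#!/bin/sh
# Added example: reap whois lookups that have run too long (e.g. from cron).
# MAX_AGE is an assumed threshold in seconds; tune it for your site.
MAX_AGE="${MAX_AGE:-60}"

# Read "PID ELAPSED_SECONDS COMMAND" lines on stdin and print the PIDs of
# whois processes older than the given age (default: $MAX_AGE).
stale_whois_pids() {
    awk -v max="${1:-$MAX_AGE}" '$3 == "whois" && $2 + 0 > max + 0 { print $1 }'
}

# Constructed sample in the format of `ps -eo pid=,etimes=,comm=`.
sample_ps() {
    cat <<'EOF'
17753 30538 whois
17760     4 whois
  812 90211 sshd
17801   600 fail2ban-server
EOF
}

# Kill stale whois processes: TERM first, then KILL if still alive.
reap_stale_whois() {
    for pid in $(ps -eo pid=,etimes=,comm= | stale_whois_pids "${1:-}"); do
        logger -t whois-reaper "killing whois pid $pid (older than ${1:-$MAX_AGE}s)"
        kill -TERM "$pid" 2>/dev/null
        sleep 2
        kill -0 "$pid" 2>/dev/null && kill -KILL "$pid" 2>/dev/null
    done
}

# Only act when asked to, so sourcing or dry-running the file is harmless.
case "${1:-}" in
    --kill) reap_stale_whois "${2:-$MAX_AGE}" ;;
    --demo) sample_ps | stale_whois_pids 60 ;;
esac
```

Run it with `--demo` to see which sample PIDs would be selected, and schedule it with `--kill` once the threshold suits your normal lookup times.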