July 10, 2007

Unfortunately Astaro has their forums set too restrictively for me to post there. :(

I have IPS off, web security off, I only use a/v and anti-spam for POP3.

I’ll post links to the posts on the astaro.org forums as I find them.

I have 5 rules:

1 | Internal (Network) | Any | None | Any
2 | Any | enoch | None | SSH
3 | Any | joshua | None | joshua source
4 | Any | joshua | None | joshua ssh
5 | Any | joshua | None | joshua 1.6

I have one masq rule:

Internal (Network) | DSL

I can easily exhaust the CPU by firing up Azureus (which is set to max 250 connections globally) and starting a torrent. ALL traffic stops as the CPU is maxed out by pfilter-reporte. For the first 3 minutes I let the torrent go there is a total DoS incoming and outgoing. The webadmin is only partially responsive. SSH is slow but responsive. All other functions (web, mail, any other traffic) stop. Once I kill the torrent, within seconds the CPU is still pegged but traffic begins flowing once again.

Here is my top 5 minutes after I have stopped the torrent:
top - 13:56:43 up 3 days, 17:42, 1 user, load average: 4.81, 4.20, 2.61
Tasks: 88 total, 5 running, 82 sleeping, 0 stopped, 1 zombie
Cpu(s): 76.6%us, 20.6%sy, 0.0%ni, 0.0%id, 1.9%wa, 0.5%hi, 0.5%si, 0.0%st
Mem: 515392k total, 490176k used, 25216k free, 27784k buffers
Swap: 1050832k total, 115480k used, 935352k free, 122988k cached

PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
7800 root 21 0 32428 13m 3016 R 15.3 2.6 14:49.97 pfilter-reporte
17633 root 16 0 30464 9m 1692 D 4.8 2.0 0:00.10 confd.plx
17634 root 17 0 30312 9812 1644 S 4.3 1.9 0:00.09 confd.plx
7807 root 15 0 13292 8040 2468 S 3.4 1.6 0:10.29 notifier.plx
3078 root 16 0 15108 6860 1664 S 1.4 1.3 29:57.32 selfmonng.plx
1478 root 15 0 0 0 0 D 0.5 0.0 0:03.43 kjournald
2755 root 15 0 29704 7268 1092 S 0.5 1.4 0:06.55 confd.plx
5311 root 15 0 1560 156 132 S 0.5 0.0 13:29.44 pppoe
16094 wwwrun 16 0 32676 26m 2840 S 0.5 5.3 0:08.16 index.plx
16628 root 15 0 19220 13m 3656 S 0.5 2.7 0:01.98 audld.plx
1 root 16 0 716 176 132 S 0.0 0.0 0:01.38 init
2 root 34 19 0 0 0 R 0.0 0.0 0:19.05 ksoftirqd/0
3 root 10 -5 0 0 0 S 0.0 0.0 0:00.00 events/0
4 root 14 -5 0 0 0 S 0.0 0.0 0:00.01 khelper
5 root 10 -5 0 0 0 S 0.0 0.0 0:00.00 kthread
7 root 10 -5 0 0 0 S 0.0 0.0 0:00.00 kblockd/0
8 root 19 -5 0 0 0 S 0.0 0.0 0:00.00 kacpid

This is totally unacceptable for a security product.

*edit* The load is now up to 6 but the system is slowwwwwly becoming usable again. The torrent is now going and of course the amount of packets being blocked isn’t that high but the pfilter is still pegging the CPU.

This is still a DoS but a short-term DoS. I’ll post updates as to when pfilter calms down and see if I can duplicate the results in a couple of days. I’ve brought Astaro to a halt twice today already doing this.

*update* As of 4pm EDT pfilter-reporte finally released the CPU.

*update2* I’m late to the party; many have reported it. However, I have so far isolated it to only pfilter-reporte. Something with the packet filtering chokes when it gets more than a few packets a second in dropped packets.

*update three: Here are some threads talking about this issue:
HERE
HERE
HERE
Here
HERE
Here
Astaro has privately acknowledged the issue.

*UPDATE* The new version 7.006 right now doesn’t appear to have fixed this exploit.

*UPDATE* There’s a workaround by killing the packet filter reporter…which it turns out is a .pl (Perl) script. This may go a long way to explaining the root of the problem.

*UPDATE* Killing pfilter doesn’t work. Another solution may be a fresh install with the latest version instead of an upgrade. I will try that one.

*UPDATE* In this thread on Astaro’s forums, another user suggested reloading from scratch with the latest 7.006 ISO. So far this has solved the pfilter DoS issue, so apparently upgrading is a problem?? The POP3 a/v issue still remains though.