Mailinglist Archive: opensuse-security (423 mails)
| < Previous | Next > |
Re: [suse-security] all network ports in use
- From: Roman Drahtmueller <draht@xxxxxxx>
- Date: Thu, 8 Mar 2001 11:46:34 +0100 (MET)
- Message-id: <Pine.LNX.4.30.0103081143220.14018-100000@xxxxxxxxxxxx>
> > There is sometimes a problem, logging into our two SuSE 7.0 (SMP) machines.
> > Trying to log in with telnet procudes the following error Message:
> > "telnetd: all network ports in use"
> > In such a case it is not possible to log into the machine for several hours.
> > Is this because of a portscan an anything else?
> > Did anyone have a similar Problem?
>
> Be sure that you compiled the kernel with "Unix98 PTY support" and
> "/dev/pts file system for Unix98 PTYs" options enabled.
>
> or add a line in your /etc/fstab
>
> none /dev/pts devpts mode=0620 0 0
The devpts filesystem gets mounted by /sbin/init.d/boot at boot time on
SuSE distributions and are not listed in the fstab. It shouldn't matter if
it shows up there, though.
Nevertheless, this doesn't seem to be the problem here. It more or less
looks like this machine has been under attack so that all available
sockets have been used up. In particular, it seems to have been a SYN
flood attack. There is no efficient countermeasure against this other than
pulling the plug.
> I think this may help you.
>
> PS: Sorry for my English.
Nono... :-)
> MURAT KOC
Thanks,
Roman.
--
- -
| Roman Drahtmüller <draht@xxxxxxx> // "Caution: Cape does |
SuSE GmbH - Security Phone: // not enable user to fly."
| Nürnberg, Germany +49-911-740530 // (Batman Costume warning label) |
- -
> > Trying to log in with telnet procudes the following error Message:
> > "telnetd: all network ports in use"
> > In such a case it is not possible to log into the machine for several hours.
> > Is this because of a portscan an anything else?
> > Did anyone have a similar Problem?
>
> Be sure that you compiled the kernel with "Unix98 PTY support" and
> "/dev/pts file system for Unix98 PTYs" options enabled.
>
> or add a line in your /etc/fstab
>
> none /dev/pts devpts mode=0620 0 0
The devpts filesystem gets mounted by /sbin/init.d/boot at boot time on
SuSE distributions and are not listed in the fstab. It shouldn't matter if
it shows up there, though.
Nevertheless, this doesn't seem to be the problem here. It more or less
looks like this machine has been under attack so that all available
sockets have been used up. In particular, it seems to have been a SYN
flood attack. There is no efficient countermeasure against this other than
pulling the plug.
> I think this may help you.
>
> PS: Sorry for my English.
Nono... :-)
> MURAT KOC
Thanks,
Roman.
--
- -
| Roman Drahtmüller <draht@xxxxxxx> // "Caution: Cape does |
SuSE GmbH - Security Phone: // not enable user to fly."
| Nürnberg, Germany +49-911-740530 // (Batman Costume warning label) |
- -
| < Previous | Next > |