RE: [Serusers] Ser stop responding requests when scanned with SiVuS

24 Oct 2005

Dear Greger

Processes

root@test01 root]# ps -ax

  PID TTY      STAT   TIME COMMAND

    1 ?        S      2:45 init

    2 ?        SW     0:00 [migration/0]

    3 ?        SW     0:00 [migration/1]

    4 ?        SW     0:00 [keventd]

    5 ?        SWN    0:00 [ksoftirqd_CPU0]

    6 ?        SWN    0:00 [ksoftirqd_CPU1]

   11 ?        SW     0:00 [bdflush]

    7 ?        SW     2:33 [kswapd]

    8 ?        SW     0:04 [kscand/DMA]

    9 ?        SW    23:56 [kscand/Normal]

   10 ?        SW     0:05 [kscand/HighMem]

   12 ?        SW     0:39 [kupdated]

   13 ?        SW     0:00 [mdrecoveryd]

   21 ?        SW     7:13 [kjournald]

  618 ?        SW     0:00 [kjournald]

  869 ?        S      1:10 syslogd -m 0

  873 ?        S      0:00 klogd -x

  883 ?        S      1:34 /usr/sbin/sshd

 1032 ?        SW     3:21 [vmmemctl]

 1096 ?        S     81:30 /usr/sbin/vmware-guestd --background
/var/run/vmware-guestd.pid

 1106 ?        S      0:00 login -- root     

 1108 tty2     S      0:00 /sbin/mingetty tty2

 1109 tty3     S      0:00 /sbin/mingetty tty3

 1110 tty4     S      0:00 /sbin/mingetty tty4

 1113 tty5     S      0:00 /sbin/mingetty tty5

 1114 tty6     S      0:00 /sbin/mingetty tty6

 1197 tty1     S      0:00 -bash

 1574 ?        S      5:33 svscan /etc/service

 2248 ?        S      0:00 /bin/sh /command/svscanboot

 2250 ?        S      5:40 svscan /etc/service

 2251 ?        S      0:00 readproctitle service errors:
...........................................................................

 8290 ?        S    152:15 python2.3 ./proxydispatcher.py
--log=/usr/local/mediaproxy/log_dispatcher

 9912 ?        S      0:00 /bin/sh ./bin/mysqld_safe --user=mysql

 9936 ?        S      0:03 [mysqld]

 9937 ?        S      3:05 [mysqld]

 9938 ?        S      0:00 [mysqld]

 9939 ?        S      0:00 [mysqld]

 9940 ?        S      0:00 [mysqld]

 9941 ?        S      0:00 [mysqld]

 9942 ?        S      9:40 [mysqld]

 9943 ?        S     14:47 [mysqld]

 9944 ?        S      0:00 [mysqld]

 9945 ?        S      0:00 [mysqld]

17660 ?        S      0:00 in.tftpd -l -s /root/tftpboot/

20616 ?        S     21:31 /usr/bin/perl /usr/bin/radiusd radiusd -dictionary dictionary
-config_file /usr/local/etc/raddb/radius.cf

23564 ?        S      0:00 /usr/lib/rpm/rpmq -q --all

20136 ?        S      0:04 /usr/sbin/sshd

20138 pts/2    S      0:00 -bash

20182 pts/0    S      0:00 -bash

20235 pts/2    S      0:01 ./openser -f /home/config-file/ser.cfg start

20236 pts/2    S      0:00 ./openser -f /home/config-file/ser.cfg start

20237 pts/2    S      0:00 ./openser -f /home/config-file/ser.cfg start

20238 ?        S      0:00 [mysqld]

20528 pts/0    R      0:00 ps -ax

This is top show right after it stop responding to clients

15:30:47  up 23 days, 23:23,  3 users,  load average: 0.28, 0.10, 0.03

54 processes: 53 sleeping, 1 running, 0 zombie, 0 stopped

CPU0 states:   0.5% user   2.0% system    0.0% nice   0.0% iowait  96.4% idle

CPU1 states:   0.1% user   0.3% system    0.0% nice   0.0% iowait  99.1% idle

Mem:   513204k av,  473224k used,   39980k free,       0k shrd,   45344k buff

                    220468k actv,    1512k in_d,    9504k in_c

Swap: 1044216k av,       0k used, 1044216k free                  334832k cached

  PID USER     PRI  NI  SIZE  RSS SHARE STAT %CPU %MEM   TIME CPU COMMAND

 8290 root      21   0  5084 5084  2552 S     0.7  0.9 152:12   1 python2.3

20219 root      15   0  1132 1132   856 R     0.5  0.2   0:04   0 top

  883 root      15   0  1500 1500  1256 S     0.3  0.2   1:38   0 sshd

20235 root      15   0  4832 4832  4064 S     0.3  0.9   0:01   0 openser

 1096 root      17   0  6472 6472   472 S     0.1  1.2  81:28   1 vmware-guestd

    1 root      15   0   472  472   420 S     0.0  0.0   2:44   1 init

    2 root      RT   0     0    0     0 SW    0.0  0.0   0:00   0 migration/0

    3 root      RT   0     0    0     0 SW    0.0  0.0   0:00   1 migration/1

    4 root      15   0     0    0     0 SW    0.0  0.0   0:00   0 keventd

    5 root      34  19     0    0     0 SWN   0.0  0.0   0:00   0 ksoftirqd_CPU0

    6 root      34  19     0    0     0 SWN   0.0  0.0   0:00   1 ksoftirqd_CPU1

   11 root      25   0     0    0     0 SW    0.0  0.0   0:00   0 bdflush

    7 root      15   0     0    0     0 SW    0.0  0.0   2:33   0 kswapd

The SER log is at  <http://s13.yousendit.com/d.aspx?id=2E1VPTKYK3EL9353MJ1NB73LJ0>
http://s13.yousendit.com/d.aspx?id=2E1VPTKYK3EL9353MJ1NB73LJ0

Brgds

Hoa

  _____  

From: Greger V. Teigre [mailto:greger@teigre.com] 
Sent: Monday, October 24, 2005 12:23 PM
To: Hoa Thai Duy; serusers(a)lists.iptel.org
Subject: Re: [Serusers] Ser stop responding requests when scanned with SiVuS

Hoa,

That server is not responding right now. But it would be helpful if you could provide any
log messages from ser and more info on processes running, what top shows etc.

g-) 

----- Original Message ----- 

From: Hoa Thai Duy <mailto:hoathai@vngt.vn>  

To: serusers(a)lists.iptel.org 

Sent: Monday, October 24, 2005 05:30 AM

Subject: [Serusers] Ser stop responding requests when scanned with SiVuS

Hi all

Yesterday, I downloaded and scanned  my stable SER system (production), and it stoped
responding to Subscriber requests.

The Tool is at http://vopsecurity.org/sivus-1.09.exe, remember to have JRE installed on
Windows.

I deployed the configuration guideline at onsip, OpenSER 0.9.5

Anyone have tested the Security Scanner, pls. help

Brgds

Hoa

  _____  

_______________________________________________
Serusers mailing list
serusers(a)lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

RE: [Serusers] Ser stop responding requests when scanned with SiVuS