Hi all,
I have a question on a subject that has bitten me twice now. I have in my time
worked on a few trucluster environments. Twice now I have seen instances of an
enterprising network person deciding to port scan entire subnets. On one
occasion it caused the ase agent and host status monitor to die. This was on a
pair of 8400's running 4.0D patch kit #2 (TC 1.5). In this case the problem was
not noticed until I came back from holiday's a week later. When it decided "Hey
the sys admin is back, I will fall over now".
The other case happened just now. This is on a pair of 2100's running 4.0D, 1.5
patch kit #2. In this situation it seems to have started an incredible number
of inetd's (about 32740 odd). In other words it has taken over the system
allowing no other processes to start. They seem to keep popping up over and over
again.
My question, I guess is, is this a known problem? Related possibly to patch kit
#2? It would seem ridiculous in the extreme that a truclustered environment
cannot handle a port scan. Bored network types also seem to do things like that
and port scan tools are not rare. Any comments/similar situations/solutions
would be welcomed.
Robert Mulley
Unix Administrator
GNS
Consulting
Received on Wed Feb 10 1999 - 03:48:20 NZDT