[torqueusers] Status Check request from unknown hosts

Miles O'Neal meo at intrinsity.com
Mon Feb 16 20:17:17 MST 2009


Beob Kyun Kim said...

|Hi Miles,
|In addition,
|While checking traffic from my cluster, there's no traffic from/to
|32.247.167.0~255.

Ah.  This sounds like probing or hacking.
How are you blcoking this address?

|
|Thanks.
|
|kyun
|
|On Tue, Feb 17, 2009 at 9:17 AM, Beob Kyun Kim <trugens at gmail.com> wrote:
|
|> Thanks Miles,
|> I don't know the users.
|>
|> My cluster is located at South Korea but the requesting hosts are located
|> at Kansas(US).
|> ( From utrace service, http://en.utrace.de/ )
|>
|> Is there any other way to ban this request from my cluster ?
|>
|> Even though I block 32.247.167.0~255, the same requests are repeated.
|> Is there the possibility of mis-configuration ?
|>
|> Thanks.
|>
|> kyun
|>
|> On Tue, Feb 17, 2009 at 12:15 AM, Miles O'Neal <meo at intrinsity.com> wrote:
|>
|>> Beob Kyun Kim said...
|>>
|>> |In the server_logs directory (/var/spool/pbs/server_logs), there're
|>> |repeating request from unknown hosts.
|>> |
|>> |For example,
|>> |
|>> |02/16/2009 19:33:57;0100;PBS_Server;Req;;Type StatusNode request received
|>> |> from root at 32.247.167.0, sock=11
|>> |>
|>> |02/16/2009 19:33:57;0100;PBS_Server;Req;;Type StatusQueue request
|>> received
|>> |> from root at 32.247.167.0, sock=11
|>> |>
|>> |02/16/2009 19:33:57;0100;PBS_Server;Req;;Type StatusJob request received
|>> |> from root at 32.247.167.0, sock=11
|>>
|>> Someone is checking things from a node PBS doesn't know about.
|>> If it's legit, just add that node_name to the list the server
|>> accepts requests from with
|>>
|>>   qmgr -c 'set server submit_hosts += node_name'
|>>
|>> Either that or tell the user to not send torque commands from that host.
|>>
|>> -Miles
|>>
|>
|>
|>
|> --
|> --
|> Beob Kyun Kim, Ph. D.
|> NSDC Team/ Supercomputing Center/ KISTI
|> 335 Kwahangno, Yuseong-gu, Daejeon, 305-806, South Korea
|> trugens at gmail.com, kyun at kisti.re.kr
|> MSN : trugens at hotmail.com/  GTalk : trugens at gmail.com/  NateOn :
|> numdle at nate.com
|> Phone : +82-42-869-0782/  Mobile : +82-10-4422-1584/  Fax : +82-42-869-0789
|>
|
|
|
|-- 
|-- 
|Beob Kyun Kim, Ph. D.
|NSDC Team/ Supercomputing Center/ KISTI
|335 Kwahangno, Yuseong-gu, Daejeon, 305-806, South Korea
|trugens at gmail.com, kyun at kisti.re.kr
|MSN : trugens at hotmail.com/  GTalk : trugens at gmail.com/  NateOn :
|numdle at nate.com
|Phone : +82-42-869-0782/  Mobile : +82-10-4422-1584/  Fax : +82-42-869-0789
|
|--000e0cd17548cd198d046312febb
|Content-Type: text/html; charset=UTF-8
|Content-Transfer-Encoding: quoted-printable
|
|Hi Miles,<div><br></div><div>In addition,</div><div>While checking traffic =
|from my cluster, there&#39;s no traffic from/to 32.247.167.0~255.</div><div=
|><br></div><div>Thanks.</div><div><br></div><div>kyun</div><div><br><div cl=
|ass=3D"gmail_quote">
|On Tue, Feb 17, 2009 at 9:17 AM, Beob Kyun Kim <span dir=3D"ltr">&lt;<a hre=
|f=3D"mailto:trugens at gmail.com">trugens at gmail.com</a>&gt;</span> wrote:<br><=
|blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1px=
| #ccc solid;padding-left:1ex;">
|Thanks Miles,<div><br></div><div>I don&#39;t know the users.</div><div><br>=
|</div><div>My cluster is located at South Korea but the requesting hosts ar=
|e located at Kansas(US).</div><div>( From utrace service, <a href=3D"http:/=
|/en.utrace.de/" target=3D"_blank">http://en.utrace.de/</a>&nbsp;)</div>
|
|<div><br></div><div>Is there any other way to ban this request from my clus=
|ter ?</div><div><br></div><div>Even though I block 32.247.167.0~255, the sa=
|me requests are repeated.</div><div>Is there the possibility of mis-configu=
|ration ?</div>
|
|<div><br></div><div>Thanks.</div><div><br></div><div>kyun</div><div><div><d=
|iv></div><div class=3D"Wj3C7c"><br><div class=3D"gmail_quote">On Tue, Feb 1=
|7, 2009 at 12:15 AM, Miles O&#39;Neal <span dir=3D"ltr">&lt;<a href=3D"mail=
|to:meo at intrinsity.com" target=3D"_blank">meo at intrinsity.com</a>&gt;</span> =
|wrote:<br>
|
|<blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1p=
|x #ccc solid;padding-left:1ex">Beob Kyun Kim said...<br>
|<div><br>
||In the server_logs directory (/var/spool/pbs/server_logs), there&#39;re<br=
|>
||repeating request from unknown hosts.<br>
||<br>
||For example,<br>
||<br>
||02/16/2009 19:33:57;0100;PBS_Server;Req;;Type StatusNode request received<=
|br>
||&gt; from <a href=3D"mailto:root at 32.247.167.0" target=3D"_blank">root at 32.2=
|47.167.0</a>, sock=3D11<br>
||&gt;<br>
||02/16/2009 19:33:57;0100;PBS_Server;Req;;Type StatusQueue request received=
|<br>
||&gt; from <a href=3D"mailto:root at 32.247.167.0" target=3D"_blank">root at 32.2=
|47.167.0</a>, sock=3D11<br>
||&gt;<br>
||02/16/2009 19:33:57;0100;PBS_Server;Req;;Type StatusJob request received<b=
|r>
||&gt; from <a href=3D"mailto:root at 32.247.167.0" target=3D"_blank">root at 32.2=
|47.167.0</a>, sock=3D11<br>
|<br>
|</div>Someone is checking things from a node PBS doesn&#39;t know about.<br=
|>
|If it&#39;s legit, just add that node_name to the list the server<br>
|accepts requests from with<br>
|<br>
| &nbsp; qmgr -c &#39;set server submit_hosts +=3D node_name&#39;<br>
|<br>
|Either that or tell the user to not send torque commands from that host.<br=
|>
|<font color=3D"#888888"><br>
|-Miles<br>
|</font></blockquote></div><br><br clear=3D"all"><br></div></div>-- <br>-- <=
|br>Beob Kyun Kim, Ph. D.<br>NSDC Team/ Supercomputing Center/ KISTI<br>335 =
|Kwahangno, Yuseong-gu, Daejeon, 305-806, South Korea<br><a href=3D"mailto:t=
|rugens at gmail.com" target=3D"_blank">trugens at gmail.com</a>, <a href=3D"mailt=
|o:kyun at kisti.re.kr" target=3D"_blank">kyun at kisti.re.kr</a><br>
|
|MSN : <a href=3D"http://trugens@hotmail.com/" target=3D"_blank">trugens at hot=
|mail.com/</a> &nbsp;GTalk : <a href=3D"http://trugens@gmail.com/" target=3D=
|"_blank">trugens at gmail.com/</a> &nbsp;NateOn : <a href=3D"mailto:numdle at nat=
|e.com" target=3D"_blank">numdle at nate.com</a><br>
|Phone : +82-42-869-0782/ &nbsp;Mobile : +82-10-4422-1584/ &nbsp;Fax : +82-4=
|2-869-0789<br>
|
|</div>
|</blockquote></div><br><br clear=3D"all"><br>-- <br>-- <br>Beob Kyun Kim, P=
|h. D.<br>NSDC Team/ Supercomputing Center/ KISTI<br>335 Kwahangno, Yuseong-=
|gu, Daejeon, 305-806, South Korea<br><a href=3D"mailto:trugens at gmail.com">t=
|rugens at gmail.com</a>, <a href=3D"mailto:kyun at kisti.re.kr">kyun at kisti.re.kr<=
|/a><br>
|MSN : <a href=3D"http://trugens@hotmail.com/">trugens at hotmail.com/</a> &nbs=
|p;GTalk : <a href=3D"http://trugens@gmail.com/">trugens at gmail.com/</a> &nbs=
|p;NateOn : <a href=3D"mailto:numdle at nate.com">numdle at nate.com</a><br>Phone =
|: +82-42-869-0782/ &nbsp;Mobile : +82-10-4422-1584/ &nbsp;Fax : +82-42-869-=
|0789<br>
|
|</div>
|
|--000e0cd17548cd198d046312febb--
|


-- 
Miles O'Neal

Intrinsity, Inc.       |    meo at intrinsity.com
11612 Bee Caves Rd.    |    512-421-2242 (v)
Bldg II / Suite 200    |    512-577-3133 (c) <- best bet
Austin, Texas 78738    |    512-263-0795 (f)


More information about the torqueusers mailing list