[mythtv-commits] Ticket #4460: DoS on mythbackend port listeners
MythTV
mythtv at cvs.mythtv.org
Sat Jan 12 06:17:31 UTC 2008
#4460: DoS on mythbackend port listeners
------------------------------+---------------------------------------------
Reporter: jp at jpsdomain.org | Owner: ijr
Type: defect | Status: new
Priority: minor | Milestone: unknown
Component: mythtv | Version: 0.20-fixes
Severity: medium | Mlocked: 0
------------------------------+---------------------------------------------
I recently encountered a way to reproducibly kill the mythbackend [1]
listeners on ports 654[349]. More details at:
http://ubuntuforums.org/showthread.php?t=658310
Aside from pulling my hair out for an entire weekend, this obviously
represents at least a potential LAN DoS.
Steps to reproduce (given for a Mythbuntu 7.10 [1] system, but trivially
adaptable):
{{{
# aptitude install monit
# vi /etc/default/monit
Change to "startup=1"
# vi /etc/monit/monitrc
Tweak settings as needed, I'm not 100% sure which one did it, none
should be *able* to:
----- cut here ----
check host mythtv-be-01 with address 10.10.10.01
    if failed port 2442 type tcp then alert # mtd (Myth DVD)
    if failed port 6543 type tcp then alert # mythbackend server
    if failed port 6544 type tcp then alert # mythbackend status
    if failed port 6549 type udp then alert # mythbackend
----- cut here ----
# monit -T /etc/monit/monitrc
# vi /etc/monit/monitrc
Fix any errors the -T syntax checker found
# monit -T /etc/monit/monitrc
# /etc/init.d/monit start
}}}
That's it. Now every time Monit polls, your mythbackend will stop
listening on its TCP/UDP ports.
----
Footnote
{{{
[1] $ mythbackend --version
Library API version : 0.20.20070821-1
Source code version : 14283
SVN Branch : branches/release-0-20-fixes
Options compiled in :
linux profile using_xvmcw using_v4l using_oss using_alsa using_arts
using_jack using_ivtv using_firewire using_dbox2 using_hdhr using_ip_rec
using_freebox using_live using_lirc using_joystick_menu using_dvb
using_x11 using_xv using_xrandr using_xvmc using_xvmc_vld
using_opengl_vsync using_opengl using_frontend using_backend
using_bindings_perl
}}}
--
Ticket URL: <http://svn.mythtv.org/trac/ticket/4460>
MythTV <http://svn.mythtv.org/trac>
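
One way to watch for the symptom described in this ticket without connecting to the ports: read the kernel socket tables and report which of the listed listeners are gone. This is an added example, not part of the original ticket and not MythTV or Monit code; the sample tables are constructed, and it assumes a Linux host with IPv4 sockets in /proc/net/tcp and /proc/net/udp.

```python
"""Passive check for the ticket's listeners: read the kernel socket tables
instead of connecting to the ports (added example, not MythTV or Monit code)."""

# Ports and protocols copied from the monitrc in the ticket.
EXPECTED = {("tcp", 2442), ("tcp", 6543), ("tcp", 6544), ("udp", 6549)}
TCP_LISTEN = "0A"  # state code used in /proc/net/tcp for a listening socket

# Constructed sample tables in /proc/net/{tcp,udp} layout (trailing columns cut).
SAMPLE_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue
   0: 00000000:198F 00000000:0000 0A 00000000:00000000
   1: 00000000:098A 00000000:0000 0A 00000000:00000000
   2: 0A0A0A01:1990 0A0A0A05:C350 01 00000000:00000000
"""
SAMPLE_UDP = """\
  sl  local_address rem_address   st tx_queue rx_queue
   0: 00000000:1995 00000000:0000 07 00000000:00000000
"""

def bound_ports(table, proto):
    """Return {(proto, port)} for sockets accepting traffic in one table."""
    found = set()
    for line in table.splitlines()[1:]:          # skip the header row
        fields = line.split()
        if len(fields) < 4:
            continue
        port = int(fields[1].rsplit(":", 1)[1], 16)   # local port is hex
        # TCP must be in LISTEN; a UDP socket only needs to be bound.
        if proto == "udp" or fields[3] == TCP_LISTEN:
            found.add((proto, port))
    return found

def missing_listeners(tcp_table, udp_table, expected=EXPECTED):
    """Expected listeners that are absent from the socket tables."""
    present = bound_ports(tcp_table, "tcp") | bound_ports(udp_table, "udp")
    return sorted(expected - present)

def read_live_tables():
    """Read the real tables on a Linux host (IPv4 only; tcp6/udp6 not covered)."""
    with open("/proc/net/tcp") as t, open("/proc/net/udp") as u:
        return t.read(), u.read()

if __name__ == "__main__":
    for proto, port in missing_listeners(SAMPLE_TCP, SAMPLE_UDP):
        print(f"not listening: {proto}/{port}")
```

In the constructed sample, port 6544 appears only as an established connection, so it is reported as not listening; on a real backend host, pass the output of `read_live_tables()` instead.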