12-20-2017
The scanner is not in the server but somewhere on your network, internal I hope, or it may be an attack as mentionned... so in internal it seems there is something looking like a such device at the IP I pointed out - Check!
Years ago I had many HP-UX crashes once a month till I decided to write at the direction saying those "non-intrusive" devices were all but that and crashing HP servers or some mainframe devices, mostly the ones trusted and having/using NFS, the reason is mainly it opens so many connections id doesnt care for itself (MS.. OS?) but on a UNIX server the timeouts are regularly over 5 minutes so a opened port cannot be used till it is cleaned and so in such cases quickly you run out and then no one can connect, not even root and you are doomed... Once I proved where it came from the HP servers were listed out the scanning process... and now they changed system, but I have no more HP either... If you have NFS mounted on that server and the scan manages to make it unreadable then your system depending what is running will try to read desperatly and it s load will go beyond control till the system crashes...
8 More Discussions You Might Find Interesting
1. UNIX for Dummies Questions & Answers
Hi I am using unix for last few days. Here is my problem
during boot the machine stop giving video signal and I don't know what's happening.
When I ping (during boot) it from another machine it comes alive then goes out.
The power on the CPU is on all the time.
please help. (9 Replies)
Discussion started by: santosh1981
9 Replies
2. UNIX for Dummies Questions & Answers
Is it common in the Unix/Linux environment to install compute intensive applications on a Server system and have the client machines download the executables into memory at runtime to run locally? This model seems taxing to the network, and as I understand, has been largely abandoned in the... (1 Reply)
Discussion started by: jonwillog
1 Replies
3. UNIX for Advanced & Expert Users
Hi,
When most of the server applications get installed, they create their own user. I believe this is to not use the "root" account. For example, Apache when installed creates a user called "apache". And the directories which it uses are all owned by this user. This seems to be the... (2 Replies)
Discussion started by: srikanths
2 Replies
4. Shell Programming and Scripting
Hi all
I am running a major script of my application in development for implementing code changes for process improvement in time. The script runs in production once in a month . It takes 8 hours 30 mins in Production server . what surprice me is , when I run the same script in development server... (9 Replies)
Discussion started by: sakthifire
9 Replies
5. Programming
hello all,
I have developed a server application in C for ulinux kernel 2.6.It works very fine; creating a socket, binding it to a port, listening for incoming sockets and accepting them ,all finish without any error.
But there is a problem regarding application crash.After an intentionally... (1 Reply)
Discussion started by: Sedighzadeh
1 Replies
6. Programming
Problem
- Linux Client/Server Socket Application: Preventing Client from quitting on server crash
Hi,
I am writing a Linux socket Server and Client using TCP protocol on Ubuntu 9.04 x64.
I am having problem trying to implement a scenario where the client should keep running even when the... (2 Replies)
Discussion started by: varun.nagpaal
2 Replies
7. Solaris
Hi there,
We have a Solaris 10 machine which has been up and running for more than 400 days. A strange behaviour happened. The system date defaulted to epoch timestamp. Oracle stopped and application failed causing management to parade. We managed to reset the date. All other servers and... (8 Replies)
Discussion started by: sundar63
8 Replies
8. Red Hat
I encounter the following crash on RHEL 7.0 when I run a multithreaded video rendering application using GLFW and OpenGL. OpenGL version is 2.1 and MESA version is 9.3.0
Following is the back trace of the multi-threaded program I am working on:... (0 Replies)
Discussion started by: anuachin
0 Replies
nfssec(5) File Formats Manual nfssec(5)
NAME
nfssec - overview of NFS security modes
DESCRIPTION
The mount_nfs(1M) and share_nfs(1M) commands each provide a way to specify the security mode to be used on an NFS filesystem through the
option. mode can be either or These security modes may also be added to the automount maps. Note that mount_nfs(1M) and automount(1M) do
not support at this time.
The option on the share_nfs(1M) command line establishes the security mode of NFS servers. If the NFS connection uses the NFS Version 3
protocol, the NFS clients must query the server for the appropriate mode to use. If the NFS connection uses the NFS Version 2 protocol,
then the NFS client uses the default security mode, which is currently NFS clients may force the use of a specific security mode by speci-
fying the option on the command line. However, if the filesystem on the server is not shared with that security mode, the client may be
denied access.
If the NFS client wants to authenticate the NFS server using a particular (stronger) security mode, the client wants to specify the secu-
rity mode to be used, even if the connection uses the NFS Version 3 protocol. This guarantees that an attacker masquerading as the server
does not compromise the client.
The NFS security modes are described below. Of these, the modes use the Kerberos V5 protocol for authenticating and protecting the shared
filesystems. Before these can be used, the system must be configured to be part of a Kerberos realm.
Use authentication. The user's UNIX user-id and group-ids are passed in the clear on the network, unauthenticated by the NFS server
. This is the simplest security method and requires no additional administration. It is the default used by HP-UX NFS Version 2
clients and HP-UX NFS servers.
Use a Diffie-Hellman public key system
which is referred to as in the forthcoming Internet RFC).
Use Kerberos V5 protocol to authenticate users before granting access
to the shared filesystem.
Use Kerberos V5 authentication with integrity checking (checksums) to
verify that the data has not been tampered with.
User Kerberos V5 authentication, integrity checksums, and privacy protection
(encryption) on the shared filesystem. This provides the most secure filesystem sharing, as all traffic is encrypted. It should
be noted that performance might suffer on some systems when using depending on the computational intensity of the encryption
algorithm and the amount of data being transferred.
Use null authentication
NFS clients using have no identity and are mapped to the anonymous user by NFS servers. A client using a security mode other
than the one with which an HP-UX NFS server shares the filesystem has its security mode mapped to In this case, if the filesystem
is shared with users from the client are mapped to the anonymous user.
WARNINGS
lists the NFS security services. Do not edit this file. It is not intended to be user-configurable.
FILES
NFS security service configuration file
SEE ALSO
automount(1M), mount_nfs(1M), share_nfs(1M), rpc_clnt_auth(3N), secure_rpc(3N), nfssec.conf(4).
nfssec(5)