Jump to content
x=usr(1536)

tnfsd likes writing logs a little too much

Recommended Posts

This one has been driving me up the wall for the past 24 hours or so.  If anyone can point me in the direction of the thing I've overlooked, I would be extremely grateful.

 

Scenario: retiring the RasPi-based tnfs server and moving it over to a dedicated VM.  Everything is essentially finished, but I'm running into a problem on the VM with tnfsd's logging verbosity: it likes to write the following to both /var/log/syslog and /var/log/daemon.log until they fill up /var:

 

Spoiler

Sep  6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes:
Sep  6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes:
Sep  6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes:
Sep  6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes:
Sep  6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes:
Sep  6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes:
Sep  6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes:
Sep  6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes:
Sep  6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes:
Sep  6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes:
Sep  6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes:
Sep  6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes:
Sep  6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes:
Sep  6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes:
Sep  6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes:
Sep  6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes:
Sep  6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes:
Sep  6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes:
Sep  6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes:
Sep  6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes:
Sep  6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes:
Sep  6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes:
Sep  6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes:
Sep  6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes:
Sep  6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes:
Sep  6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes:
Sep  6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes:
Sep  6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes:
Sep  6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes:
Sep  6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes:
Sep  6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes:
Sep  6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes:
Sep  6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes:
Sep  6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes:
Sep  6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes:
Sep  6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes:
Sep  6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes:
Sep  6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes:
Sep  6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes:
Sep  6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes:
Sep  6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes:
Sep  6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes:
Sep  6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes:
Sep  6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes:
Sep  6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes:
Sep  6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes:
Sep  6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes:
Sep  6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes:
Sep  6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes:
Sep  6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes:
Sep  6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes:
Sep  6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes:
Sep  6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes:
Sep  6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes:
Sep  6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes:
Sep  6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes:
Sep  6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes:
Sep  6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes:
Sep  6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes:
Sep  6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes:
Sep  6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes:
Sep  6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes:
Sep  6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes:
Sep  6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes:
Sep  6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes:
Sep  6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes:
Sep  6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes:
Sep  6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes:
Sep  6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes:
Sep  6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes:
Sep  6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes:
Sep  6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes:
Sep  6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes:
Sep  6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes:
Sep  6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes:
Sep  6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes:
Sep  6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes:
Sep  6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes:
Sep  6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes:
Sep  6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes:
Sep  6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes:
Sep  6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes:
Sep  6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes:
Sep  6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes:
Sep  6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes:
Sep  6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes:
Sep  6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes:
Sep  6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes:
Sep  6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes:
Sep  6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes:
Sep  6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes:
Sep  6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes:
Sep  6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes:
Sep  6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes:
Sep  6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes:
Sep  6 12:04:15 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes:
Sep  6 12:04:16 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes:
Sep  6 12:04:16 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes:
Sep  6 12:04:16 tnfs tnfsd[595]: DEBUG: rx of tcpmsg: 0 bytes:
Sep  6 12:04:16 tnfs tnfsd[595]

 

The same message is written to both daemon.log and syslog at a rate of roughly 100 messages/second for both.  tnfsd is running as a service, called by systemd; the same messages appear under `systemctl status tnfsd`, and their timestamps indicate that they're still being written.

 

This is with a hand-rolled binary built from a git clone of the spectranet repo under Debian 11 on x64; the only build option was `os=LINUX`.  The Debian install is super-light - it was built to run tnfsd, and nothing else.  No Desktop, X, unnecessary packages, etc.  Not even iptables or similar at the moment.  Results are the same regardless of whether my binary or the prebuilt one from https://fujinet.online/download is being used.

 

Any ideas?  I'm grasping at straws on this one.

Share this post


Link to post
Share on other sites
49 minutes ago, x=usr(1536) said:

Any ideas?  I'm grasping at straws on this one.

compile it without DEBUG ?

Share this post


Link to post
Share on other sites
31 minutes ago, mozzwald said:

compile it without DEBUG ?

It will not help in this case, ... tnfs/tnfsd/datagram.c

printf("DEBUG: rx of tcpmsg: %d bytes: %s\n", sz, buf);

I am wondering are you connecting to or listening on TCP? NTFS runs usually over UDP.

 

Edit: Hmm, tnfsd seems to be listening always on both, UDP and TCP. The question is what triggers TCP handler in your case (as there is 0 bytes available from your logs)? Strange select()?

Edited by apc

Share this post


Link to post
Share on other sites
4 hours ago, mozzwald said:

compile it without DEBUG ?

The only build option specified was for the target OS.  Funnily enough, the reason why I ended up rolling my own was to eliminate the possibility of that being an issue affecting the binary on fujinet.online - I first saw this behaviour with that version and decided to see if rolling my own solved it.

 

FWIW, I did roll one with DEBUG explicitly enabled and got what shasum declared to be the exact same binary as without it.

4 hours ago, apc said:

Edit: Hmm, tnfsd seems to be listening always on both, UDP and TCP. The question is what triggers TCP handler in your case (as there is 0 bytes available from your logs)? Strange select()?

I can block TCP at the firewall and see what happens.

 

FWIW, this never happened on the RasPi as far as I can remember, and grepping the logs on that machine has no matches for `tnfsd`, which I would expect to see if it was writing to the logs.  Note that I'm using a hand-rolled version there as well for both the OS and tnfsd - the prepackaged image is not in use.

Share this post


Link to post
Share on other sites

I my previous post, I said the following:

24 minutes ago, x=usr(1536) said:

FWIW, I did roll one with DEBUG explicitly enabled and got what shasum declared to be the exact same binary as without it.

This one, I believe, has been tracked down.  I didn't realise that `make clean` by itself wouldn't clean up after a build - you have to specify `make OS=INSERTOSHERE clean` in order for it to work.  If you don't insert the `OS=` flag, the makefile doesn't do a clean and just says that there's no rule to follow.  I managed to miss this and happily rebuilt the same binary multiple times.

 

Armed with that bit of knowledge, I've now built three binaries, each one confirmed different.  Here's what I get:

Spoiler

[email protected]:~/build/tnfsd# ls -al bin/
total 192
drwxr-xr-x 2 tnfsd tnfsd  4096 Sep  6 17:38 .
drwxr-xr-x 4 tnfsd tnfsd   4096 Sep  6 17:38 ..
-rwxr-xr-x 1 tnfsd tnfsd  47704 Sep  6 17:38 tnfsd
-rwxr-xr-x 1 tnfsd tnfsd  86512 Sep  6 17:35 tnfsd.debug
-rwxr-xr-x 1 tnfsd tnfsd  47704 Sep  6 17:37 tnfsd.usagelog

 

[email protected]:~/build/tnfsd# cd bin/
[email protected]:~/build/tnfsd/bin# shasum -a 256 tnfsd tnfsd.debug tnfsd.usagelog
b89d5a92ec417d475942705406c4af6653a6573183b0ad498cfcecbb7e6e337d  tnfsd
9adfcc4c25a0728e6ca8ec5f7462d86c4c326e921a2b37963430a794ecdb1272  tnfsd.debug
eb7bca025bbff0918a3ec48ac82e0664a8f9a2110c864ea53321126633d525b0  tnfsd.usagelog
[email protected]:~/build/tnfsd/bin#

tnfsd and tnfsd.usagelog end up being the same size, but as the shasums are different their build options were likely respected.

 

Given the lack of understanding on my behalf of what `make` wanted in the way of build options, I'm retrying with binaries that are known to be what they should be.

  • Like 1

Share this post


Link to post
Share on other sites

It looks like a bug in tnfs/tnfsd/datagram.c

 

I can trigger crazy tnfsd output with netcat (or telnet) to TCP port 16384 (which is open by tnfsd):

$ nc localhost 16384  # just hit ctrl+c to close the connection
^C
$

And you will get:

DEBUG: rx of tcpmsg: 0 bytes: �
DEBUG: rx of tcpmsg: 0 bytes: �
DEBUG: rx of tcpmsg: 0 bytes: �
DEBUG: rx of tcpmsg: 0 bytes: �
...

 

Currently, if you are running any network probes to the TCP port 16384 (network scanning or service monitoring) it will make tnfsd very unhappy.

Edited by apc

Share this post


Link to post
Share on other sites
5 hours ago, apc said:

It looks like a bug in tnfs/tnfsd/datagram.c

 

I can trigger crazy tnfsd output with netcat (or telnet) to TCP port 16384 (which is open by tnfsd):

$ nc localhost 16384  # just hit ctrl+c to close the connection
^C
$

And you will get:

DEBUG: rx of tcpmsg: 0 bytes: �
DEBUG: rx of tcpmsg: 0 bytes: �
DEBUG: rx of tcpmsg: 0 bytes: �
DEBUG: rx of tcpmsg: 0 bytes: �
...

 

Currently, if you are running any network probes to the TCP port 16384 (network scanning or service monitoring) it will make tnfsd very unhappy.

Funnily enough, I just popped in to say that I was able to reproducibly trigger this with telnet :D  Makes sense: looking back on what was happening when this behaviour first triggered, I was testing firewall rules using telnet and tnfs_client.py.

 

Have separate terminals up doing a tail -f on both /var/log/daemon.log and /var/log/syslog.  Telnet to port 16384.  When connected, hit enter twice followed by ^].  Issue the 'quit' command.  Watch as the logfiles go ballistic filling with stuff:

 

Spoiler

/var/log/syslog:

 

tnfsSep  7 07:20:40 tnfs tnfsd[590]: ›;?#011›;?#010›;?#010›;?#007›;?#007›;?#006›;?#006›;?#005›;?#005›;?#004›;?#003›;?#002›;~?#006›;>#010ÃK>#031~¡#003>4ƒ#003>#011æƒ#003>#004—?—?—?—?—?—?—?—?—?—?—?—?—?—?—?—?—?—?—?—?—?~—?>"˛∆#003>2¡#003>#011~√#003
Sep  7 07:20:40 tnfs tnfsd[590]: DEBUG: rx of tcpmsg: 0 bytes:
Sep  7 07:20:40 tnfs tnfsd[590]: ¿#003˛?#022˛?#022›;?#021›;?#020›;?#017›;?#016›;?#015›;?#014›;?#013›;?
Sep  7 07:20:40 tnfs tnfsd[590]: ›;?#011›;?#010›;?#010›;?#007›;?#007›;?#006›;?#006›;?#005›;?#005›;?#004›;?#003›;?#002›;~?#006›;>#010ÃK>#031~¡#003>4ƒ#003>#011æƒ#003>#004—?—?—?—?—?—?—?—?—?—?—?—?—?—?—?—?—?—?—?—?—?~—?>"˛∆#003>2¡#003>#011~√#003
Sep  7 07:20:40 tnfs tnfsd[590]: DEBUG: rx of tcpmsg: 0 bytes:
Sep  7 07:20:40 tnfs tnfsd[590]: ¿#003˛?#022˛?#022›;?#021›;?#020›;?#017›;?#016›;?#015›;?#014›;?#013›;?
Sep  7 07:20:40 tnfs tnfsd[590]: ›;?#011›;?#010›;?#010›;?#007›;?#007›;?#006›;?#006›;?#005›;?#005›;?#004›;?#003›;?#002›;~?#006›;>#010ÃK>#031~¡#003>4ƒ#003>#011æƒ#003>#004—?—?—?—?—?—?—?—?—?—?—?—?—?—?—?—?—?—?—?—?—?~—?>"˛∆#003>2¡#003>#011~√#003
Sep  7 07:20:40 tnfs tnfsd[590]: DEBUG: rx of tcpmsg: 0 bytes:
Sep  7 07:20:40 tnfs tnfsd[590]: ¿#003˛?#022˛?#022›;?#021›;?#020›;?#017›;?#016›;?#015›;?#014›;?#013›;?
Sep  7 07:20:40 tnfs tnfsd[590]: ›;?#011›;?#010›;?#010›;?#007›;?#007›;?#006›;?#006›;?#005›;?#005›;?#004›;?#003›;?#002›;~?#006›;>#010ÃK>#031~¡#003>4ƒ#003>#011æƒ#003>#004—?—?—?—?—?—?—?—?—?—?—?—?—?—?—?—?—?—?—?—?—?~—?>"˛∆#003>2¡#003>#011~√#003
Sep  7 07:20:40 tnfs tnfsd[590]: DEBUG: rx of tcpmsg: 0 bytes:
Sep  7 07:20:40 tnfs tnfsd[590]: ¿#003˛?#022˛?#022›;?#021›;?#020›;?#017›;?#016›;?#015›;?#014›;?#013›;?
Sep  7 07:20:40 tnfs tnfsd[590]: ›;?#011›;?#010›;?#010›;?#007›;?#007›;?#006›;?#006›;?#005›;?#005›;?#004›;?#003›;?#002›;~?#006›;>#010ÃK>#031~¡#003>4ƒ#003>#011æƒ#003>#004—?—?—?—?—?—?—?—?—?—?—?—?—?—?—?—?—?—?—?—?—?~—?>"˛∆#003>2¡#003>#011~√#003
Sep  7 07:20:40 tnfs tnfsd[590]: DEBUG: rx of tcpmsg: 0 bytes:
Sep  7 07:20:40 tnfs tnfsd[590]: ¿#003˛?#022˛?#022›;?#021›;?#020›;?#017›;?#016›;?#015›;?#014›;?#013›;?
Sep  7 07:20:40 tnfs tnfsd[590]: ›;?#011›;?#010›;?#010›;?#007›;?#007›;?#006›;?#006›;?#005›;?#005›;?#004›;?#003›;?#002›;~?#006›;>#010ÃK>#031~¡#003>4ƒ#003>#011æƒ#003>#004—?—?—?—?—?—?—?—?—?—?—?—?—?—?—?—?—?—?—?—?—?~—?>"˛∆#003>2¡#003>#011~√#003
Sep  7 07:20:40 tnfs tnfsd[590]: DEBUG: rx of tcpmsg: 0 bytes:
Sep  7 07:20:40 tnfs tnfsd[590]: ¿#003˛?#022˛?#022›;?#021›;?#020›;?#017
Sep  7 07:20:47 tnfs systemd[1]: Started tnfs Daemon.
Sep  7 07:20:47 tnfs tnfsd[1172]: Starting tnfsd version 20.1115.2 using root directory "/mnt/tnfs/atari/"
Sep  7 07:20:47 tnfs tnfsd[1172]: Unable to bind TCP socket
Sep  7 07:20:47 tnfs systemd[1]: tnfsd.service: Main process exited, code=exited, status=255/EXCEPTION
Sep  7 07:20:47 tnfs systemd[1]: tnfsd.service: Failed with result 'exit-code'.
Sep  7 07:20:47 tnfs systemd[1]: tnfsd.service: Scheduled restart job, restart counter is at 1.
Sep  7 07:20:47 tnfs systemd[1]: Stopped tnfs Daemon.
Sep  7 07:20:47 tnfs systemd[1]: Started tnfs Daemon.
Sep  7 07:20:47 tnfs tnfsd[1173]: Starting tnfsd version 20.1115.2 using root directory "/mnt/tnfs/atari/"
Sep  7 07:20:47 tnfs tnfsd[1173]: Unable to bind TCP socket
Sep  7 07:20:47 tnfs systemd[1]: tnfsd.service: Main process exited, code=exited, status=255/EXCEPTION
Sep  7 07:20:47 tnfs systemd[1]: tnfsd.service: Failed with result 'exit-code'.
Sep  7 07:20:47 tnfs systemd[1]: tnfsd.service: Scheduled restart job, restart counter is at 2.
Sep  7 07:20:47 tnfs systemd[1]: Stopped tnfs Daemon.
Sep  7 07:20:47 tnfs systemd[1]: Started tnfs Daemon.
Sep  7 07:20:47 tnfs tnfsd[1174]: Starting tnfsd version 20.1115.2 using root directory "/mnt/tnfs/atari/"
Sep  7 07:20:47 tnfs tnfsd[1174]: Unable to bind TCP socket
Sep  7 07:20:47 tnfs systemd[1]: tnfsd.service: Main process exited, code=exited, status=255/EXCEPTION
Sep  7 07:20:47 tnfs systemd[1]: tnfsd.service: Failed with result 'exit-code'.
Sep  7 07:20:48 tnfs systemd[1]: tnfsd.service: Scheduled restart job, restart counter is at 3.
Sep  7 07:20:48 tnfs systemd[1]: Stopped tnfs Daemon.
Sep  7 07:20:48 tnfs systemd[1]: Started tnfs Daemon.
Sep  7 07:20:48 tnfs tnfsd[1175]: Starting tnfsd version 20.1115.2 using root directory "/mnt/tnfs/atari/"
Sep  7 07:20:48 tnfs tnfsd[1175]: Unable to bind TCP socket
Sep  7 07:20:48 tnfs systemd[1]: tnfsd.service: Main process exited, code=exited, status=255/EXCEPTION
Sep  7 07:20:48 tnfs systemd[1]: tnfsd.service: Failed with result 'exit-code'.
Sep  7 07:20:48 tnfs systemd[1]: tnfsd.service: Scheduled restart job, restart counter is at 4.
Sep  7 07:20:48 tnfs systemd[1]: Stopped tnfs Daemon.
Sep  7 07:20:48 tnfs systemd[1]: Started tnfs Daemon.
Sep  7 07:20:48 tnfs tnfsd[1176]: Starting tnfsd version 20.1115.2 using root directory "/mnt/tnfs/atari/"
Sep  7 07:20:48 tnfs tnfsd[1176]: Unable to bind TCP socket
Sep  7 07:20:48 tnfs systemd[1]: tnfsd.service: Main process exited, code=exited, status=255/EXCEPTION
Sep  7 07:20:48 tnfs systemd[1]: tnfsd.service: Failed with result 'exit-code'.
Sep  7 07:20:48 tnfs systemd[1]: tnfsd.service: Scheduled restart job, restart counter is at 5.
Sep  7 07:20:48 tnfs systemd[1]: Stopped tnfs Daemon.
Sep  7 07:20:48 tnfs systemd[1]: tnfsd.service: Start request repeated too quickly.
Sep  7 07:20:48 tnfs systemd[1]: tnfsd.service: Failed with result 'exit-code'.
Sep  7 07:20:48 tnfs systemd[1]: Failed to start tnfs Daemon.
Sep  7 07:20:55 tnfs systemd[1]: tnfsd.service: Start request repeated too quickly.
Sep  7 07:20:55 tnfs systemd[1]: tnfsd.service: Failed with result 'exit-code'.
Sep  7 07:20:55 tnfs systemd[1]: Failed to start tnfs Daemon.
Sep  7 07:21:27 tnfs systemd[1]: Started tnfs Daemon.
Sep  7 07:21:27 tnfs tnfsd[1198]: Starting tnfsd version 20.1115.2 using root directory "/mnt/tnfs/atari/"
Sep  7 07:21:27 tnfs tnfsd[1198]: Unable to bind TCP socket
Sep  7 07:21:27 tnfs systemd[1]: tnfsd.service: Main process exited, code=exited, status=255/EXCEPTION
Sep  7 07:21:27 tnfs systemd[1]: tnfsd.service: Failed with result 'exit-code'.
Sep  7 07:21:27 tnfs systemd[1]: tnfsd.service: Scheduled restart job, restart counter is at 1.
Sep  7 07:21:27 tnfs systemd[1]: Stopped tnfs Daemon.
Sep  7 07:21:27 tnfs systemd[1]: Started tnfs Daemon.
Sep  7 07:21:27 tnfs tnfsd[1199]: Starting tnfsd version 20.1115.2 using root directory "/mnt/tnfs/atari/"
Sep  7 07:21:27 tnfs tnfsd[1199]: Unable to bind TCP socket
Sep  7 07:21:27 tnfs systemd[1]: tnfsd.service: Main process exited, code=exited, status=255/EXCEPTION
Sep  7 07:21:27 tnfs systemd[1]: tnfsd.service: Failed with result 'exit-code'.
Sep  7 07:21:27 tnfs systemd[1]: tnfsd.service: Scheduled restart job, restart counter is at 2.
Sep  7 07:21:27 tnfs systemd[1]: Stopped tnfs Daemon.
Sep  7 07:21:27 tnfs systemd[1]: Started tnfs Daemon.
Sep  7 07:21:27 tnfs tnfsd[1200]: Starting tnfsd version 20.1115.2 using root directory "/mnt/tnfs/atari/"
Sep  7 07:21:27 tnfs tnfsd[1200]: Unable to bind TCP socket
Sep  7 07:21:27 tnfs systemd[1]: tnfsd.service: Main process exited, code=exited, status=255/EXCEPTION
Sep  7 07:21:27 tnfs systemd[1]: tnfsd.service: Failed with result 'exit-code'.
Sep  7 07:21:28 tnfs systemd[1]: tnfsd.service: Scheduled restart job, restart counter is at 3.
Sep  7 07:21:28 tnfs systemd[1]: Stopped tnfs Daemon.
Sep  7 07:21:28 tnfs systemd[1]: Started tnfs Daemon.
Sep  7 07:21:28 tnfs tnfsd[1201]: Starting tnfsd version 20.1115.2 using root directory "/mnt/tnfs/atari/"
Sep  7 07:21:28 tnfs tnfsd[1201]: Unable to bind TCP socket
Sep  7 07:21:28 tnfs systemd[1]: tnfsd.service: Main process exited, code=exited, status=255/EXCEPTION
Sep  7 07:21:28 tnfs systemd[1]: tnfsd.service: Failed with result 'exit-code'.
Sep  7 07:21:28 tnfs systemd[1]: tnfsd.service: Scheduled restart job, restart counter is at 4.
Sep  7 07:21:28 tnfs systemd[1]: Stopped tnfs Daemon.
Sep  7 07:21:28 tnfs systemd[1]: Started tnfs Daemon.
Sep  7 07:21:28 tnfs tnfsd[1202]: Starting tnfsd version 20.1115.2 using root directory "/mnt/tnfs/atari/"
Sep  7 07:21:28 tnfs tnfsd[1202]: Unable to bind TCP socket
Sep  7 07:21:28 tnfs systemd[1]: tnfsd.service: Main process exited, code=exited, status=255/EXCEPTION
Sep  7 07:21:28 tnfs systemd[1]: tnfsd.service: Failed with result 'exit-code'.
Sep  7 07:21:28 tnfs systemd[1]: tnfsd.service: Scheduled restart job, restart counter is at 5.
Sep  7 07:21:28 tnfs systemd[1]: Stopped tnfs Daemon.
Sep  7 07:21:28 tnfs systemd[1]: tnfsd.service: Start request repeated too quickly.
Sep  7 07:21:28 tnfs systemd[1]: tnfsd.service: Failed with result 'exit-code'.
Sep  7 07:21:28 tnfs systemd[1]: Failed to start tnfs Daemon.

 

Spoiler

/var/log/daemon.log:

 

Sep  7 07:20:40 tnfs tnfsd[590]: ›;?#011›;?#010›;?#010›;?#007›;?#007›;?#006›;?#006›;?#005›;?#005›;?#004›;?#003›;?#002›;~?#006›;>#010ÃK>#031~¡#003>4ƒ#003>#011æƒ#003>#004—?—?—?—?—?—?—?—?—?—?—?—?—?—?—?—?—?—?—?—?—?~—?>"˛∆#003>2¡#003>#011~√#003
Sep  7 07:20:40 tnfs tnfsd[590]: DEBUG: rx of tcpmsg: 0 bytes:
Sep  7 07:20:40 tnfs tnfsd[590]: ¿#003˛?#022˛?#022›;?#021›;?#020›;?#017›;?#016›;?#015›;?#014›;?#013›;?
Sep  7 07:20:40 tnfs tnfsd[590]: ›;?#011›;?#010›;?#010›;?#007›;?#007›;?#006›;?#006›;?#005›;?#005›;?#004›;?#003›;?#002›;~?#006›;>#010ÃK>#031~¡#003>4ƒ#003>#011æƒ#003>#004—?—?—?—?—?—?—?—?—?—?—?—?—?—?—?—?—?—?—?—?—?~—?>"˛∆#003>2¡#003>#011~√#003
Sep  7 07:20:40 tnfs tnfsd[590]: DEBUG: rx of tcpmsg: 0 bytes:
Sep  7 07:20:40 tnfs tnfsd[590]: ¿#003˛?#022˛?#022›;?#021›;?#020›;?#017›;?#016›;?#015›;?#014›;?#013›;?
Sep  7 07:20:40 tnfs tnfsd[590]: ›;?#011›;?#010›;?#010›;?#007›;?#007›;?#006›;?#006›;?#005›;?#005›;?#004›;?#003›;?#002›;~?#006›;>#010ÃK>#031~¡#003>4ƒ#003>#011æƒ#003>#004—?—?—?—?—?—?—?—?—?—?—?—?—?—?—?—?—?—?—?—?—?~—?>"˛∆#003>2¡#003>#011~√#003
Sep  7 07:20:40 tnfs tnfsd[590]: DEBUG: rx of tcpmsg: 0 bytes:
Sep  7 07:20:40 tnfs tnfsd[590]: ¿#003˛?#022˛?#022›;?#021›;?#020›;?#017›;?#016›;?#015›;?#014›;?#013›;?
Sep  7 07:20:40 tnfs tnfsd[590]: ›;?#011›;?#010›;?#010›;?#007›;?#007›;?#006›;?#006›;?#005›;?#005›;?#004›;?#003›;?#002›;~?#006›;>#010ÃK>#031~¡#003>4ƒ#003>#011æƒ#003>#004—?—?—?—?—?—?—?—?—?—?—?—?—?—?—?—?—?—?—?—?—?~—?>"˛∆#003>2¡#003>#011~√#003
Sep  7 07:20:40 tnfs tnfsd[590]: DEBUG: rx of tcpmsg: 0 bytes:
Sep  7 07:20:40 tnfs tnfsd[590]: ¿#003˛?#022˛?#022›;?#021›;?#020›;?#017›;?#016›;?#015›;?#014›;?#013›;?
Sep  7 07:20:40 tnfs tnfsd[590]: ›;?#011›;?#010›;?#010›;?#007›;?#007›;?#006›;?#006›;?#005›;?#005›;?#004›;?#003›;?#002›;~?#006›;>#010ÃK>#031~¡#003>4ƒ#003>#011æƒ#003>#004—?—?—?—?—?—?—?—?—?—?—?—?—?—?—?—?—?—?—?—?—?~—?>"˛∆#003>2¡#003>#011~√#003
Sep  7 07:20:40 tnfs tnfsd[590]: DEBUG: rx of tcpmsg: 0 bytes:
Sep  7 07:20:40 tnfs tnfsd[590]: ¿#003˛?#022˛?#022›;?#021›;?#020›;?#017›;?#016›;?#015›;?#014›;?#013›;?
Sep  7 07:20:40 tnfs tnfsd[590]: ›;?#011›;?#010›;?#010›;?#007›;?#007›;?#006›;?#006›;?#005›;?#005›;?#004›;?#003›;?#002›;~?#006›;>#010ÃK>#031~¡#003>4ƒ#003>#011æƒ#003>#004—?—?—?—?—?—?—?—?—?—?—?—?—?—?—?—?—?—?—?—?—?~—?>"˛∆#003>2¡#003>#011~√#003
Sep  7 07:20:40 tnfs tnfsd[590]: DEBUG: rx of tcpmsg: 0 bytes:
Sep  7 07:20:40 tnfs tnfsd[590]: ¿#003˛?#022˛?#022›;?#021›;?#020›;?#017
Sep  7 07:20:40 tnfs systemd[1]: Configuration file /etc/systemd/system/
Sep  7 07:20:47 tnfs systemd[1]: Started tnfs Daemon.
Sep  7 07:20:47 tnfs tnfsd[1172]: Starting tnfsd version 20.1115.2 using root directory "/mnt/tnfs/atari/"
Sep  7 07:20:47 tnfs tnfsd[1172]: Unable to bind TCP socket
Sep  7 07:20:47 tnfs systemd[1]: tnfsd.service: Main process exited, code=exited, status=255/EXCEPTION
Sep  7 07:20:47 tnfs systemd[1]: tnfsd.service: Failed with result 'exit-code'.
Sep  7 07:20:47 tnfs systemd[1]: tnfsd.service: Scheduled restart job, restart counter is at 1.
Sep  7 07:20:47 tnfs systemd[1]: Stopped tnfs Daemon.
Sep  7 07:20:47 tnfs systemd[1]: Started tnfs Daemon.
Sep  7 07:20:47 tnfs tnfsd[1173]: Starting tnfsd version 20.1115.2 using root directory "/mnt/tnfs/atari/"
Sep  7 07:20:47 tnfs tnfsd[1173]: Unable to bind TCP socket
Sep  7 07:20:47 tnfs systemd[1]: tnfsd.service: Main process exited, code=exited, status=255/EXCEPTION
Sep  7 07:20:47 tnfs systemd[1]: tnfsd.service: Failed with result 'exit-code'.
Sep  7 07:20:47 tnfs systemd[1]: tnfsd.service: Scheduled restart job, restart counter is at 2.
Sep  7 07:20:47 tnfs systemd[1]: Stopped tnfs Daemon.
Sep  7 07:20:47 tnfs systemd[1]: Started tnfs Daemon.
Sep  7 07:20:47 tnfs tnfsd[1174]: Starting tnfsd version 20.1115.2 using root directory "/mnt/tnfs/atari/"
Sep  7 07:20:47 tnfs tnfsd[1174]: Unable to bind TCP socket
Sep  7 07:20:47 tnfs systemd[1]: tnfsd.service: Main process exited, code=exited, status=255/EXCEPTION
Sep  7 07:20:47 tnfs systemd[1]: tnfsd.service: Failed with result 'exit-code'.
Sep  7 07:20:48 tnfs systemd[1]: tnfsd.service: Scheduled restart job, restart counter is at 3.
Sep  7 07:20:48 tnfs systemd[1]: Stopped tnfs Daemon.
Sep  7 07:20:48 tnfs systemd[1]: Started tnfs Daemon.
Sep  7 07:20:48 tnfs tnfsd[1175]: Starting tnfsd version 20.1115.2 using root directory "/mnt/tnfs/atari/"
Sep  7 07:20:48 tnfs tnfsd[1175]: Unable to bind TCP socket
Sep  7 07:20:48 tnfs systemd[1]: tnfsd.service: Main process exited, code=exited, status=255/EXCEPTION
Sep  7 07:20:48 tnfs systemd[1]: tnfsd.service: Failed with result 'exit-code'.
Sep  7 07:20:48 tnfs systemd[1]: tnfsd.service: Scheduled restart job, restart counter is at 4.
Sep  7 07:20:48 tnfs systemd[1]: Stopped tnfs Daemon.
Sep  7 07:20:48 tnfs systemd[1]: Started tnfs Daemon.
Sep  7 07:20:48 tnfs tnfsd[1176]: Starting tnfsd version 20.1115.2 using root directory "/mnt/tnfs/atari/"
Sep  7 07:20:48 tnfs tnfsd[1176]: Unable to bind TCP socket
Sep  7 07:20:48 tnfs systemd[1]: tnfsd.service: Main process exited, code=exited, status=255/EXCEPTION
Sep  7 07:20:48 tnfs systemd[1]: tnfsd.service: Failed with result 'exit-code'.
Sep  7 07:20:48 tnfs systemd[1]: tnfsd.service: Scheduled restart job, restart counter is at 5.
Sep  7 07:20:48 tnfs systemd[1]: Stopped tnfs Daemon.
Sep  7 07:20:48 tnfs systemd[1]: tnfsd.service: Start request repeated too quickly.
Sep  7 07:20:48 tnfs systemd[1]: tnfsd.service: Failed with result 'exit-code'.
Sep  7 07:20:48 tnfs systemd[1]: Failed to start tnfs Daemon.
Sep  7 07:20:54 tnfs systemd[1]: Configuration file /etc/systemd/system/
Sep  7 07:20:55 tnfs systemd[1]: tnfsd.service: Start request repeated too quickly.
Sep  7 07:20:55 tnfs systemd[1]: tnfsd.service: Failed with result 'exit-code'.
Sep  7 07:20:55 tnfs systemd[1]: Failed to start tnfs Daemon.
Sep  7 07:21:27 tnfs systemd[1]: Started tnfs Daemon.
Sep  7 07:21:27 tnfs tnfsd[1198]: Starting tnfsd version 20.1115.2 using root directory "/mnt/tnfs/atari/"
Sep  7 07:21:27 tnfs tnfsd[1198]: Unable to bind TCP socket
Sep  7 07:21:27 tnfs systemd[1]: tnfsd.service: Main process exited, code=exited, status=255/EXCEPTION
Sep  7 07:21:27 tnfs systemd[1]: tnfsd.service: Failed with result 'exit-code'.
Sep  7 07:21:27 tnfs systemd[1]: tnfsd.service: Scheduled restart job, restart counter is at 1.
Sep  7 07:21:27 tnfs systemd[1]: Stopped tnfs Daemon.
Sep  7 07:21:27 tnfs systemd[1]: Started tnfs Daemon.
Sep  7 07:21:27 tnfs tnfsd[1199]: Starting tnfsd version 20.1115.2 using root directory "/mnt/tnfs/atari/"
Sep  7 07:21:27 tnfs tnfsd[1199]: Unable to bind TCP socket
Sep  7 07:21:27 tnfs systemd[1]: tnfsd.service: Main process exited, code=exited, status=255/EXCEPTION
Sep  7 07:21:27 tnfs systemd[1]: tnfsd.service: Failed with result 'exit-code'.
Sep  7 07:21:27 tnfs systemd[1]: tnfsd.service: Scheduled restart job, restart counter is at 2.
Sep  7 07:21:27 tnfs systemd[1]: Stopped tnfs Daemon.
Sep  7 07:21:27 tnfs systemd[1]: Started tnfs Daemon.
Sep  7 07:21:27 tnfs tnfsd[1200]: Starting tnfsd version 20.1115.2 using root directory "/mnt/tnfs/atari/"
Sep  7 07:21:27 tnfs tnfsd[1200]: Unable to bind TCP socket
Sep  7 07:21:27 tnfs systemd[1]: tnfsd.service: Main process exited, code=exited, status=255/EXCEPTION
Sep  7 07:21:27 tnfs systemd[1]: tnfsd.service: Failed with result 'exit-code'.
Sep  7 07:21:28 tnfs systemd[1]: tnfsd.service: Scheduled restart job, restart counter is at 3.
Sep  7 07:21:28 tnfs systemd[1]: Stopped tnfs Daemon.
Sep  7 07:21:28 tnfs systemd[1]: Started tnfs Daemon.
Sep  7 07:21:28 tnfs tnfsd[1201]: Starting tnfsd version 20.1115.2 using root directory "/mnt/tnfs/atari/"
Sep  7 07:21:28 tnfs tnfsd[1201]: Unable to bind TCP socket
Sep  7 07:21:28 tnfs systemd[1]: tnfsd.service: Main process exited, code=exited, status=255/EXCEPTION
Sep  7 07:21:28 tnfs systemd[1]: tnfsd.service: Failed with result 'exit-code'.
Sep  7 07:21:28 tnfs systemd[1]: tnfsd.service: Scheduled restart job, restart counter is at 4.
Sep  7 07:21:28 tnfs systemd[1]: Stopped tnfs Daemon.
Sep  7 07:21:28 tnfs systemd[1]: Started tnfs Daemon.
Sep  7 07:21:28 tnfs tnfsd[1202]: Starting tnfsd version 20.1115.2 using root directory "/mnt/tnfs/atari/"
Sep  7 07:21:28 tnfs tnfsd[1202]: Unable to bind TCP socket
Sep  7 07:21:28 tnfs systemd[1]: tnfsd.service: Main process exited, code=exited, status=255/EXCEPTION
Sep  7 07:21:28 tnfs systemd[1]: tnfsd.service: Failed with result 'exit-code'.
Sep  7 07:21:28 tnfs systemd[1]: tnfsd.service: Scheduled restart job, restart counter is at 5.
Sep  7 07:21:28 tnfs systemd[1]: Stopped tnfs Daemon.
Sep  7 07:21:28 tnfs systemd[1]: tnfsd.service: Start request repeated too quickly.
Sep  7 07:21:28 tnfs systemd[1]: tnfsd.service: Failed with result 'exit-code'.
Sep  7 07:21:28 tnfs systemd[1]: Failed to start tnfs Daemon.

 

Only way to stop it was to use systemctl to stop tnfsd, which then refused to restart via systemctl.  Rebooted in order to have everything back up cleanly.

 

Also found some interesting things about how commands with write capability work, but will get to them separately.

Share this post


Link to post
Share on other sites

Apparently I just can't get enough of this one ;)

 

Running nmap against port 16384, basic UDP scan:

Spoiler

/var/log/daemon.log:

 

Sep  7 08:42:49 tnfs tnfsd[590]: 10.10.10.10 | Invalid datagram received
Sep  7 08:42:49 tnfs tnfsd[590]: 10.10.10.10 | Invalid datagram received

 

Spoiler

/var/log/syslog:

 

Sep  7 08:42:49 tnfs tnfsd[590]: 10.10.10.10 | Invalid datagram received
Sep  7 08:42:49 tnfs tnfsd[590]: 10.10.10.10 | Invalid datagram received

And the results:

Spoiler

lolbox:~ jrandomuser$ sudo nmap -sU its.a.sekrit -p 16384
Starting Nmap 7.90 ( https://nmap.org ) at 2021-09-07 08:42 CDT
Nmap scan report for its.a.sekrit (10.10.10.100)
Host is up (0.0016s latency).

PORT      STATE         SERVICE
16384/udp open|filtered connected

Nmap done: 1 IP address (1 host up) scanned in 0.31 seconds
lolbox:~ jrandomuser$

No crashes, no crazy logfills.  UDP looks to be fairly solid, at least from a quick poke at it.

  • Haha 1

Share this post


Link to post
Share on other sites

so what was or is the final solution so folks don't get hit with crazy logfills exactly? or can we all look forward to malicious scans etc triggering a logfill  frenzy

perhaps a warning of what not to do and what to do need be propagated to the fujinet/Atari world

Edited by _The Doctor__

Share this post


Link to post
Share on other sites
46 minutes ago, _The Doctor__ said:

so what was or is the final solution so folks don't get hit with crazy logfills exactly?

Take care when making your TNFS server reachable from wild world. Ensure only UDP port 16384 is exposed.

 

In general, follow security practices:

- restrict TNFS to vm/container/jail/chroot/etc.

- run it with dedicated user

- limit the permissions on files/dirs to allow only read access

- be prepared, bad ass will exploit it

- do backups

I am not security expert, I'm sure someone can add more rulz ;-)

  • Like 2

Share this post


Link to post
Share on other sites
3 hours ago, apc said:

Take care when making your TNFS server reachable from wild world. Ensure only UDP port 16384 is exposed.

This.  If public-facing, it's the best quick mitigation, but far from perfect.  More on that below.

3 hours ago, apc said:

In general, follow security practices:

- restrict TNFS to vm/container/jail/chroot/etc.

Added to this:

  • Use separate partitions for /, /home, /var, etc.
  • If practical, set syslog and daemon.log to rotate based on size & age (this will keep them from flooding /var, but you may lose useful logs)
  • Mount your tnfs hierarchy on a separate disk (physical or loopback, your call, but loopbacks can be scaled more easily for the amount of data being stored & served)
3 hours ago, apc said:

- run it with dedicated user

- limit the permissions on files/dirs to allow only read access

File ACLs would also be a good idea, particularly the effective rights mask though user / group / other ACLs shouldn't be ignored.  This is more of a 'just in case' on top of the regular permissions in case things start being written.

3 hours ago, apc said:

- be prepared, bad ass will exploit it

- do backups

Also these.

3 hours ago, apc said:

I am not security expert, I'm sure someone can add more rulz ;-)

As mentioned at the start of this reply: allowing only UDP/16384 through the firewall to the tnfs box will prevent TCP traffic from being able to spin the logs up into a frenzy.  However, it's not clear if there are issues present in UDP that haven't been found yet.  This is why I refer to it as mitigation but far from perfect.  Still, it should absolutely be done.

 

Assuming a public-facing machine, put it in a DMZ, not on your internal network.  The DMZ should have no access into the internal network, but the internal network should be able to reach into the DMZ for admin purposes, etc.  This applies to VMs, etc. as well as physical machines.

 

If you're already running IDS / IPS, you probably don't need to be reading this thread ;)  But a check for activity on TCP/16384 and possible block rule might not be a bad idea.  If nothing else, the logging will at least let you know who is interested.

 

I alluded to this earlier in the thread, but to flesh things out a bit more: tnfsd has the ability - by design - to both read and write.  From the small amount of playing around I was able to do with it this morning, it may (note the emphasis: I want to be clear that this is unproven) be possible for an attacker to exploit that.

 

This may sound like something that can be remedied with read-only directories.  And to some extent, that's probably true.  However, out of an abundance of paranoia caution regarding writing outside of tnfsd's specified directory hierarchy, use a combination of the above guidelines so that you're as shored-up as possible.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...