it's because they have images and smilies highly restricted. The images from the webadmin didn't come through on the blog post for some reason..another bug i have to hunt down..[:)]
that's your choice..but putting any machine unprotected on the internet is asking for it to get owned. Run a firewall on that machine if you are going to dmz it.
I have now growing short of patience. I have logged and logged and logged support calls and support cases regarding this issue. This bug should be treated as High Risk, because of the potential for a DoS. Astaro's answer to my queries:
"this is a known issue which will be fixed in a upcoming up2date package.
Unfortunately at the moment I can't mention a exact release date when it will be fixed.
Thank you very much for your understanding."
This is a typical answer from Astaro support, not something you want to see from a security company, you have put your trust in to protect your digital assets! [:@]
Very disappointed in their support and response. Will not be renewing our contract or subscriptions when it comes up for renewal! Anyone out there got any recommendations on alternative corporate level UTM solution?
FWIW, this would probably only be a DOS from inside, not from an external attacker.
Barry
I just replicated the issue on a lesser scale using BT but throttling hte number of connections. I didn't bring the machine to a halt(i got the load up to 5 though instead of 9 which is where it died at last time) and pfilter-reporte took hours to sort through it. I did take a 20% decrease in overall performance while this went on and the number of PPS isn't that high.
The flood from Bt happens when you don't always have the correct ports open for return traffic and DHT and they all look like unrequested packets and the firewall properly drops them. I can put in my ipcop hard disk and jack up the max global connections to 2k..max that out..leave the DHT and return path firewall ports closed and ipcop never uses more than 2% of the cpu. Basically somebody could throw a bunch of random data at the machine(and it doesn't take a bunch) from the outside w/o BT initializing and bring the machine to a crawl. This is a classic DOS scenario in terms of it doesn't take much to have the machine choke.
I'm not saying if you overload the incoming pipe and DOS..there's nothing to do there..but more than a few PPS and the machine falls over..that's a classic DOS vulnerability.
i'll post images from the executive report that shows the systems cpu during my testing.
Just wondering if any of you guys have opened an official support case with Astaro; I think this is something that they would need to address, as the DoS potential is definitely there.
Just wondering if any of you guys have opened an official support case with Astaro; I think this is something that they would need to address, as the DoS potential is definitely there.
Just by chance I went to the Known Issues List for V7, which was updated 24/07/07, and I am yet to find the pfilter-reporte bug or the multi-host DNS bug reported. So either this is still not being identified by Astaro as a known issue and will not be included in the 7.006 update or Astaro does not keep its users informed as to what are REAL issues their non-security gateway has. I am so tired of this, I am ready to scream. I will not be renewing our support contract as I feel I am not getting the service and support I am paying for. I am disappointed in Astaro, which seems to have taken a nose dive on customer relations, and putting out a stable product. V7 should not have been released to the public so soon, as it still appears to have so many Major bugs that can be exploited. And what makes me furious is the fact that Astaro has taken such a blasé attitude to identifying, fixing and keeping their customer's aware of these issues! Astaro's whole service approach is wrong and that will be their downfall.
