lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20050920171153.GB1074__16171.3235931986$1127245151$gmane$org@finlandia.infodrom.north.de>
Date: Tue, 20 Sep 2005 19:11:53 +0200
From: Martin Schulze <joey@...odrom.org>
To: bugtraq@...urityfocus.com
Subject: Debian Security Host Bandwidth Saturation


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
The Debian Project                                http://www.debian.org/
Security Host Bandwidth Saturation                      press@...ian.org
September 20th, 2005            http://www.debian.org/News/2005/20050920
- ------------------------------------------------------------------------

Debian Security Host Bandwidth Saturation

The recently released security update of XFree86 in DSA 816 for sarge
and woody has caused the host security.debian.org to saturate its
100MBit/s network connection entirely.  Due to the large number of X
packages, the gross size of these packages and the high number of
users who need to install the update, the server is busy sending out
updates which exhaust its total outgoing bandwidth.

This incident happens before new a security infrastructure is in place
which would have avoided this.  At the moment we ask our users to
accept delays in their update until the situation is relaxed again.

Yesterday morning, at about 11 o'clock (CEST, i.e. UCT +0200) the
files for the security update DSA 816 (XFree86) were installed on the
public security server.  The result was similar to a distributed
denial of service since literally thousands of users tried to fetch
the updates.  Since then the host saturates its network connection
entirely.

Independent of this there have been discussions about restructuring
the security infrastructure in order to provide a more failsafe
solution, that can also deal with high bandwidth peaks better than a
single machine.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFDMEKxW5ql+IAeqTIRArhRAKCrWBXrPLxEjI4TaAO0EysV3O8iGQCfTBC1
AcXjiglPKxS8wGqKzbHAeB0=
=iLq8
-----END PGP SIGNATURE-----



Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ