Package: apt-cacher
Severity: serious

Hi,

I run ftp.uk.debian.org, and recently noticed that I was getting hourly spikes of connections. On investigation, it seems that a particular IP address is launching what amounts to a low-grade DoS, trying to get the same files thousands of times a day, making hundreds of attempts per second.

Examining the incoming packets, I see this header:

  User-Agent: Debian Apt-Cacher-NG/0.4

hence this bug report.

To indicate the scale of the problem, let's have a look at one of the busier seconds (07:52:42) of activity from this one IP address this morning:

  p...@free:~$ grep $IP /var/log/nginx/ftphost.access.log | sed -ne '\#29/Sep/2010:07:52:42#s/.*GET \([^ ]*\) .*$/\1/p' | sort | uniq -c | sort -nr
     23 /debian/dists/lenny/non-free/source/Sources.diff/Index
     23 /debian/dists/lenny/contrib/source/Sources.diff/Index
     22 /debian/dists/lenny/main/source/Sources.diff/Index
     18 /debian/dists/lenny/main/binary-i386/Packages.bz2
     18 /debian-volatile/dists/lenny/volatile/contrib/binary-i386/Packages.diff/Index
     17 /debian-volatile/dists/lenny/volatile/non-free/binary-i386/Packages.diff/Index
     17 /debian-volatile/dists/lenny/volatile/main/binary-i386/Packages.diff/Index
     16 /debian/dists/lenny/contrib/binary-i386/Packages.diff/Index
     15 /debian/dists/lenny/non-free/binary-i386/Packages.bz2
     13 /debian-volatile/dists/lenny/volatile-sloppy/main/binary-i386/Packages.bz2
     12 /debian/dists/lenny/non-free/binary-i386/Packages.diff/Index
     12 /debian-volatile/dists/lenny/volatile-sloppy/non-free/binary-i386/Packages.diff/Index
     12 /debian-volatile/dists/lenny/volatile-sloppy/contrib/binary-i386/Packages.bz2
     11 /debian-volatile/dists/lenny/volatile/Release.gpg
      9 /debian-volatile/dists/lenny/volatile/non-free/binary-i386/Packages.bz2
      9 /debian-volatile/dists/lenny/volatile/main/binary-i386/Packages.bz2
      9 /debian-volatile/dists/lenny/volatile/contrib/binary-i386/Packages.bz2
      9 /debian-volatile/dists/lenny/volatile-sloppy/non-free/binary-i386/Packages.bz2
      8 /debian/dists/lenny/contrib/source/Sources.bz2
      7 /debian/dists/lenny/non-free/source/Sources.bz2
      7 /debian/dists/lenny/main/binary-i386/Packages.diff/Index
      7 /debian/dists/lenny/contrib/binary-i386/Packages.bz2
      7 /debian/dists/lenny/Release.gpg
      7 /debian/dists/lenny/Release
      7 /debian-volatile/dists/lenny/volatile/Release
      7 /debian-volatile/dists/lenny/volatile-sloppy/main/binary-i386/Packages.diff/Index
      7 /debian-volatile/dists/lenny/volatile-sloppy/Release
      6 /debian/dists/lenny/main/source/Sources.bz2
      6 /debian-volatile/dists/lenny/volatile-sloppy/contrib/binary-i386/Packages.diff/Index
      5 /debian-volatile/dists/lenny/volatile-sloppy/Release.gpg

Asking for the same URL 23 times in the same second seems just a little brain-dead to me, especially given that it's receiving a 404 in response. Is apt-cacher expecting it to have popped into existence in the intervening milliseconds?

It's also doing it for valid URLs, as is shown by the #4 slot, which is 18 attempts to grab what seems to be the last byte of the file /debian/dists/lenny/main/binary-i386/Packages.bz2, which gets a 206 response. This seems particularly surprising behaviour for a program with the word "cacher" in its name.

I presume (or at least hope) that the user has made some sort of local configuration error, but the fact that this package enables this makes it a serious problem IMO.

I will attempt to contact the user, and will ask them to contribute details here if possible. Hopefully we'll be able to identify something that will allow the daemon to abort if the config is likely to end up with this behaviour.

Cheers, Phil.

|)|  Philip Hands [+44 (0)20 8530 9560]    http://www.hands.com/
|-|  HANDS.COM Ltd.                        http://www.uk.debian.org/
|(|  10 Onslow Gardens, South Woodford, London  E18 1NE  ENGLAND
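The per-second breakdown in the report above was produced with a grep/sed/uniq pipeline over the nginx access log. As an added example (not part of the bug report, and not code from the apt-cacher-ng project), the Python below does the same grouping, by client IP, second and URL, over nginx "combined" format lines, and additionally labels each hot bucket by the response status so that pointless retries of a 404 and repeated byte-range (206) fetches of an existing file stand out from ordinary repeated downloads. The log lines, IP addresses, User-Agent strings and the `min_repeats` threshold are all constructed or assumed for the demonstration; only the two request paths and the timestamp are taken from the report.

```python
"""Find a client re-requesting the same URL many times within one second.

Added example, not part of the original bug report. The sample log lines are
constructed in nginx's default "combined" format; IPs, User-Agents and the
repeat threshold are assumptions chosen for illustration.
"""
import re
from collections import Counter, defaultdict

# nginx "combined": ip - user [ts] "METHOD path PROTO" status size "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "(?P<ua>[^"]*)"'
)


def parse_line(line):
    """Return a dict for one access-log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    # Drop the timezone offset; the bucket resolution is one second, as in
    # the sed address used in the report.
    rec["second"] = rec["ts"].split()[0]
    rec["status"] = int(rec["status"])
    return rec


def repeat_hits(lines, min_repeats=5, ua_substring=None):
    """Group requests by (ip, second, path); keep buckets hit >= min_repeats times.

    Returns {(ip, second, path): {"count": n, "statuses": Counter}}.
    If ua_substring is given, only lines whose User-Agent contains it count.
    """
    buckets = defaultdict(Counter)  # (ip, second, path) -> Counter(status)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        if ua_substring and ua_substring not in rec["ua"]:
            continue
        buckets[(rec["ip"], rec["second"], rec["path"])][rec["status"]] += 1
    return {
        key: {"count": sum(st.values()), "statuses": st}
        for key, st in buckets.items()
        if sum(st.values()) >= min_repeats
    }


def classify(statuses):
    """Label a bucket by what the server answered.

    All-404 means the client keeps retrying a file that does not exist;
    any 206 means it keeps re-fetching a byte range of a file it already
    partly has; anything else is a plain repeated download.
    """
    total = sum(statuses.values())
    if statuses.get(404, 0) == total:
        return "retrying-404"
    if statuses.get(206, 0) > 0:
        return "repeated-range-fetch"
    return "repeated-fetch"


def summarize(lines, **kw):
    """Rows of (ip, second, path, count, label), busiest bucket first."""
    rows = [
        (ip, sec, path, v["count"], classify(v["statuses"]))
        for (ip, sec, path), v in repeat_hits(lines, **kw).items()
    ]
    return sorted(rows, key=lambda r: -r[3])


# --- constructed sample log (not real traffic) -------------------------------
def _line(ip, second, path, status, size, ua="Debian Apt-Cacher-NG/0.4"):
    return (f'{ip} - - [{second} +0100] "GET {path} HTTP/1.1" {status} {size} '
            f'"-" "{ua}"')


SEC = "29/Sep/2010:07:52:42"
SAMPLE_LOG = (
    # hypothetical proxy hammering a missing Index file
    [_line("192.0.2.10", SEC, "/debian/dists/lenny/non-free/source/Sources.diff/Index", 404, 162)] * 6
    # same client re-fetching one byte of an existing file (206)
    + [_line("192.0.2.10", SEC, "/debian/dists/lenny/main/binary-i386/Packages.bz2", 206, 1)] * 5
    # a mild repeat the next second
    + [_line("192.0.2.10", "29/Sep/2010:07:52:43", "/debian/dists/lenny/Release", 200, 12345)] * 2
    # an unrelated, well-behaved apt client
    + [_line("198.51.100.7", SEC, "/debian/dists/lenny/Release", 200, 12345, ua="Debian APT-HTTP/1.3")]
)

if __name__ == "__main__":
    for ip, sec, path, n, label in summarize(SAMPLE_LOG, min_repeats=5):
        print(f"{n:4d} {ip} {sec} {label:22s} {path}")
```

Run against a real log, `summarize(open("/var/log/nginx/ftphost.access.log"), min_repeats=10, ua_substring="Apt-Cacher-NG")` narrows the view to the offending user agent; the classification is what the sed pipeline in the report cannot show without a second pass, and it is the 404 and 206 buckets that indicate a client in a retry loop rather than a busy but sane mirror user.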