Would a DOS on dovecot running under a VM cause host to crash?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hey All,

I'm just wondering whether this is what caused my server to crash.

Started last night in NZ land.

Jun 20 19:22:11 elm dovecot: imap-login: Disconnected (tried to use disallowed plaintext auth): user=<>, rip=attackerip, lip=10.0.0.3, session=<0C8LzpDfZQDINsQC>

occasionally get

Jun 20 19:22:52 elm dovecot: imap-login: Disconnected (no auth attempts in 1 secs): user=<>, rip=attackerip, lip=10.0.0.3, session=<bHdz0JDfpwDINsQC>
or in 0 secs

last at
Jun 20 19:26:24 elm dovecot: imap-login: Disconnected (tried to use disallowed plaintext auth): user=<>, rip=attackerip, lip=10.0.0.3, session=<1MUR3ZDfcwDINsQC>

and a minute later the server lost contact to the world. When I checked a bit later, the underlying host machine (dovecot runs on a VM (KVM)) had been powered off.

Now, here in NZ land, there was also a crazy storm last night, and lots of brown outs. There could potentially of been a surge that killed it, but the UPS was still running
fine when I started it again.

The "attack" lasted around 4 minutes, in which there was 1161 lines in the log for a
single attacker ip, and no other similar logs previously.

Would this be enough to kill not only the VM running dovecot, but the underlying host
machine?

All up to date with patches, running debian stable (wheezy).
dovecot-core debian package version 1:2.1.7-7
dovecot version 2.1.7
I notice there is a version 2.2.3 out, but not in debian yet. Could this fix this
issue? I don't particularly want to have it happen again :D.

The host is running debian oldstable (squeeze), so could update more.
libvirt0 debian package version 0.8.3-5+squeeze5
libvirt version 0.8.3
I notice there is a version 1.0.6 out (debian stable only has 0.9.12-11+deb7u1, which
is 0.9.12), would either of these versions fix an issue like this?
qemu-kvm debian package version 0.12.5+dfsg-5+squeeze10
kernel is 2.6.32-5-amd64

Any thoughts?

Cheers,

Hugh

--
To unsubscribe from this list: send the line "unsubscribe kvm" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html




[Index of Archives]     [KVM ARM]     [KVM ia64]     [KVM ppc]     [Virtualization Tools]     [Spice Development]     [Libvirt]     [Libvirt Users]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite Questions]     [Linux Kernel]     [Linux SCSI]     [XFree86]

  Powered by Linux