IWETHEY v. 0.3.0 | TODO
1,095 registered users | 0 active users | 0 LpH | Statistics
Login | Create New User
IWETHEY Banner

Welcome to IWETHEY!

IWETHEY Home / IWETHEY Board / Networking Forum / Speaking of Nagios
Post #333,460
by jake123
9/30/10 5:35:03 PM
Reply
New Speaking of Nagios
I've personally blocked quite a few hosts that have poorly configured nagios systems that have sent notifications just as fast as the computer(s) can send them. To be sure, we tend to do so for a short length of time, but they fit the definition mooted above and were completely responsible for denying the use of the service by others because they've attempted to mail us several hundred times a minute.

Are we supposed to not do this, despite the fact that I'm sure the subscriber(s) in question probably became very relieved when their phone stopped ringing every couple of seconds?
Post #333,464
by drook
Picture of drook
9/30/10 5:58:53 PM
Reply
New Preventing use of the service by others is covered in ToS
It's a DOS attack. Intentional or not, I don't hear anyone opposed to blocking that.
--

Drew
Post #333,473
by folkert
Picture of folkert
9/30/10 7:05:49 PM
Reply
New We are not using the ...
direct to SMS delivery.

We use the SMTP gateway, which is a "natural" throttle.
Post #333,489
by jake123
9/30/10 10:33:56 PM
Reply
New Yes, that is the part of the infrastructure that I run
and it amounted to a DoS attack on it when a Canadian uni had a badly configured set of Nagios boxes run wild last week. Sure, it's a natural throttle, but when the mail server is throttling it, it's throttling everybody else using it as well.
Post #333,531
by folkert
Picture of folkert
10/1/10 10:43:23 AM
Reply
New I'm sorry... I should have said...
*MY* outbound mail server for our nagios system (it delivers it locally to the machine's SMTP Agent) does not do batch mode. It also does *not* send out 150 messages, using 150 connections at the same time to the same MX records. Its purposely setup to do them all serially.

Sure, I sometimes get a few hundred messages in 15 minutes. But every single one of them is sent ... singly and one at a time to the same MX record.

Now, if my nagios server needs to send out messages to a few AT&T recipients, a few Verizon recipients, a few T-Mobile recipients and a few Rogers recipients all at once, there will be multiple mail drops happening at the same time to each MX, but serially for those MX records.

I guess, I thought through this a bit more than others, as I am the recipient of some Denial of Service attacks... I didn't want to be a perp.

Many people don't test and just assume things are good.

I also, once I have an incident... I turn off notifications... until the event is past.

I guess I'm not the norm.
Post #333,472
by folkert
Picture of folkert
9/30/10 6:58:09 PM
Reply
New We only send to those that are supposed to...
And they are definitely responsible for the systems they are notified for.

We use the SMTP gateways to not overwhelm the services. (10digitnum@vtext.com... etc... 1234567890@rogers.com) and we deliver singly, not in batch mode.

Verizon delivers in mere seconds. AT&T delays up to 30 minutes. T-Mobile doesn't delay more than a minute. Rogers is also near instantaneous.

Dunno. But this is not that tough.
Post #333,478
by drook
Picture of drook
9/30/10 9:42:35 PM
Reply
New Possible SES?
That's "Shit's Easy Syndrome". You obviously know way more about it than I do, but Box does do this for a living. Easy for you doesn't necessarily mean easy for him, and I don't like making promises on other people's efforts.

However ... I still say if you can prioritize it, and they can, that that's all you need to do. Automated messages always get last priority, problem solved.

Here's my assumption, by the way: Once the hardware and software is in place to do this at all (including the gateway Box mentions), I assume that the incremental cost of each message approaches zero until you reach saturation of some part of the system and have to increase capacity. Is that a valid assumption?
--

Drew
Post #333,487
by boxley
9/30/10 10:00:55 PM
Reply
New headcount doesnt approach zero
Any opinions expressed by me are mine alone, posted from my home computer, on my own time as a free American and do not reflect the opinions of any person or company that I have had professional relations with in the past 55 years. meep
Post #333,492
by jake123
9/30/10 10:37:35 PM
Reply
New Actually, prioritizing automated messages last
would be a terrible idea. Automated messages make up the majority of all legitimate messages we handle... and they are generally considered very important by the customers that use them. We get to hear about it sometimes when they're delayed by ten minutes; some very major Canadian inet services use us to notify their employees of problems.
Post #333,490
by jake123
9/30/10 10:34:47 PM
Reply
New Heh
Rogers is the smtp gateway that I actually admin.
Post #333,533
by folkert
Picture of folkert
10/1/10 10:46:50 AM
Reply
New Look at the post where I explained...
My setup to not become a DoS.

http://iwt.mikevital....iwt?postid=36671
Post #333,625
by jake123
10/3/10 2:33:52 PM
Reply
New Just did read that
and no, you're not the norm. Well, semi norm? I guess most people have it set up alright, but the ones that don't end up causing us huge problems, so we really get to notice those ones.
     so people should be allowed to spam sms - (boxley) - (62) - Sept. 24, 2010, 10:59:49 PM EDT
         Where do you see spam? - (scoenye) - (57) - Sept. 24, 2010, 11:47:58 PM EDT
             not the point - (boxley) - (56) - Sept. 25, 2010, 12:00:40 AM EDT
                 But this case has nothing to do with spam - (scoenye) - (55) - Sept. 25, 2010, 09:23:11 AM EDT
                     He does - (crazy) - (54) - Sept. 25, 2010, 09:29:40 AM EDT
                         sort of - (boxley) - (53) - Sept. 25, 2010, 10:39:22 AM EDT
                             Please - (crazy) - (52) - Sept. 25, 2010, 12:27:33 PM EDT
                                 is the judges ruling narrow or broad? - (boxley) - (3) - Sept. 25, 2010, 04:59:53 PM EDT
                                     Poor dodge - (crazy) - (2) - Sept. 25, 2010, 10:58:16 PM EDT
                                         nope, wrong question - (boxley) - (1) - Sept. 26, 2010, 10:01:54 AM EDT
                                             Huh? - (crazy) - Sept. 27, 2010, 01:52:28 AM EDT
                                 It is asked for - (scoenye) - Sept. 25, 2010, 07:11:39 PM EDT
                                 Yeah, as a person in a similar line of work - (jake123) - (46) - Sept. 25, 2010, 09:06:08 PM EDT
                                     You know what it comes down to? - (static) - Sept. 25, 2010, 11:53:02 PM EDT
                                     That is what we currently have - (scoenye) - (44) - Sept. 26, 2010, 10:39:08 AM EDT
                                         Dude, I don't think you realise - (jake123) - (43) - Sept. 27, 2010, 12:37:12 PM EDT
                                             Give them a whitelist - (crazy) - (32) - Sept. 27, 2010, 06:20:48 PM EDT
                                                 can we give the users your phone number for support? - (boxley) - (1) - Sept. 27, 2010, 07:32:37 PM EDT
                                                     Free? No - (crazy) - Sept. 27, 2010, 09:08:04 PM EDT
                                                 They have whitelists - (jake123) - (29) - Sept. 28, 2010, 09:52:32 AM EDT
                                                     See above - (crazy) - (28) - Sept. 29, 2010, 06:15:17 PM EDT
                                                         Re: See above - (boxley) - (27) - Sept. 29, 2010, 08:35:50 PM EDT
                                                             Which is it? - (drook) - (26) - Sept. 29, 2010, 11:27:44 PM EDT
                                                                 Mass, one or more automated messages - (boxley) - (22) - Sept. 30, 2010, 07:38:59 AM EDT
                                                                     So... me sending... - (folkert) - (21) - Sept. 30, 2010, 08:43:32 AM EDT
                                                                         just because the carrier allows you to abuse their TOS - (boxley) - (8) - Sept. 30, 2010, 09:57:40 AM EDT
                                                                             If he pays for the service - (beepster) - (2) - Sept. 30, 2010, 11:28:10 AM EDT
                                                                                 And I do pay for unlimited. -NT - (folkert) - Sept. 30, 2010, 03:10:49 PM EDT
                                                                                 Re: If he pays for the service - (boxley) - Sept. 30, 2010, 03:12:39 PM EDT
                                                                             Selective enforcement... - (folkert) - (4) - Sept. 30, 2010, 03:11:30 PM EDT
                                                                                 Technical solution that proves this is bogus - (drook) - (3) - Sept. 30, 2010, 03:34:59 PM EDT
                                                                                     I don't have a problem with... - (folkert) - (2) - Sept. 30, 2010, 07:09:05 PM EDT
                                                                                         whats this free shyte? - (boxley) - (1) - Sept. 30, 2010, 08:39:17 PM EDT
                                                                                             Ok jackass... - (folkert) - Oct. 1, 2010, 10:32:18 AM EDT
                                                                         Speaking of Nagios - (jake123) - (11) - Sept. 30, 2010, 05:35:03 PM EDT
                                                                             Preventing use of the service by others is covered in ToS - (drook) - (3) - Sept. 30, 2010, 05:58:53 PM EDT
                                                                                 We are not using the ... - (folkert) - (2) - Sept. 30, 2010, 07:05:49 PM EDT
                                                                                     Yes, that is the part of the infrastructure that I run - (jake123) - (1) - Sept. 30, 2010, 10:33:56 PM EDT
                                                                                         I'm sorry... I should have said... - (folkert) - Oct. 1, 2010, 10:43:23 AM EDT
                                                                             We only send to those that are supposed to... - (folkert) - (6) - Sept. 30, 2010, 06:58:09 PM EDT
                                                                                 Possible SES? - (drook) - (2) - Sept. 30, 2010, 09:42:35 PM EDT
                                                                                     headcount doesnt approach zero -NT - (boxley) - Sept. 30, 2010, 10:00:55 PM EDT
                                                                                     Actually, prioritizing automated messages last - (jake123) - Sept. 30, 2010, 10:37:35 PM EDT
                                                                                 Heh - (jake123) - (2) - Sept. 30, 2010, 10:34:47 PM EDT
                                                                                     Look at the post where I explained... - (folkert) - (1) - Oct. 1, 2010, 10:46:50 AM EDT
                                                                                         Just did read that - (jake123) - Oct. 3, 2010, 02:33:52 PM EDT
                                                                 You've missed the other key point - (jake123) - (2) - Sept. 30, 2010, 05:38:01 PM EDT
                                                                     freetards is the problem -NT - (boxley) - Sept. 30, 2010, 05:43:23 PM EDT
                                                                     The problem is box miscategorised it - (crazy) - Oct. 2, 2010, 11:42:33 PM EDT
                                             To put this wreck back on the rails... - (scoenye) - (9) - Sept. 28, 2010, 06:30:00 PM EDT
                                                 try reading the link - (boxley) - (8) - Sept. 28, 2010, 08:33:11 PM EDT
                                                     Someone aleady quoted that - (drook) - (7) - Sept. 28, 2010, 10:38:47 PM EDT
                                                         one more time, if the ruling goes against - (boxley) - (6) - Sept. 28, 2010, 11:04:27 PM EDT
                                                             A pleading doesn't determine the ruling. - (Another Scott) - (2) - Sept. 28, 2010, 11:42:06 PM EDT
                                                                 if the ruling states they MUST deliver it does exactly that -NT - (boxley) - (1) - Sept. 29, 2010, 08:02:08 AM EDT
                                                                     And if wishes were horses ... We'll see. -NT - (Another Scott) - Sept. 29, 2010, 09:48:38 AM EDT
                                                             Please answer these two simple questions - (drook) - (2) - Sept. 28, 2010, 11:43:02 PM EDT
                                                                 Re: Please answer these two simple questions - (boxley) - (1) - Sept. 29, 2010, 08:01:31 AM EDT
                                                                     Hear that - (crazy) - Sept. 29, 2010, 06:12:01 PM EDT
         Settled out of court. - (folkert) - (1) - Oct. 1, 2010, 06:44:34 PM EDT
             good, having that albatross going the wrong way would be bad - (boxley) - Oct. 1, 2010, 08:56:35 PM EDT
         So should T-Mobile go to jail for bank robbery now? - (crazy) - (1) - Oct. 2, 2010, 11:47:14 PM EDT
             Freakin' awesome! - (folkert) - Oct. 3, 2010, 12:27:18 AM EDT

Let Us Now Braise Famous Men, those who in their salad days.. imagined that they were of the Caesar variety.
208 ms