1. Forum
  2. Fsxnet Message
  3. FSX MYS

  • Ghost connections

    From bamageek@21:1/140 to All on Friday, September 15, 2017 20:15:28
    I seem to all of a sudden have an increase in ghost connections. Is anyone
    else having this issue? I have to keep going into nodespy every so often and kick them out. Just wondering if its just me :)

    /**Dave's BBS telnet://davesbbs.com
    * @version 2.0 fsxNet: 21:1/140
    * GatorNet: 57:57/38
    **/

    --- Mystic BBS v1.12 A35 (Raspberry Pi/32)
    * Origin: fsxNet: Daves BBS (21:1/140)
  • From garycrunk@21:2/105 to bamageek on Friday, September 15, 2017 18:45:55
    anyone else having this issue? I have to keep going into nodespy every
    so often and kick them out. Just wondering if its just me :)

    I've not switched to A35. Still running A34... No Ghosts here.

    ----=[ Gary Crunk * Another F-ing BBS * anotherbbs.bbsindex.com ]=----

    --- Mystic BBS v1.12 A34 (Windows/32)
    * Origin: Another F-ing BBS (21:2/105)
  • From niter3@21:1/199 to bamageek on Friday, September 15, 2017 21:55:42
    On 09/15/17, bamageek said the following...

    I seem to all of a sudden have an increase in ghost connections. Is
    anyone else having this issue? I have to keep going into nodespy every
    so often and kick them out. Just wondering if its just me :)

    i was recently seeing it. i reverted back to telnetd

    --- Mystic BBS v1.12 A35 (Linux/32)
    * Origin: Clutch BBS * telnet://clutch.darktech.org (21:1/199)
  • From bcw142@21:1/145 to bamageek on Saturday, September 16, 2017 09:25:21
    On 09/15/17, bamageek said the following...

    I seem to all of a sudden have an increase in ghost connections. Is
    anyone else having this issue? I have to keep going into nodespy every
    so often and kick them out. Just wondering if its just me :)

    /**Dave's BBS telnet://davesbbs.com * @version 2.0 fsxNet: 21:1/140 * GatorNet: 57:57/38 **/

    No, it's not just you ;( It's mis2 I think. They build up till they take over however many nodes you have if you leave them. They are Ghosts in that the
    node that spawned them has shutdown. Mis2 opens a telnet node and then should shutdown that telnet node and for the most part and does, but can leave a
    Ghost on the attacker's nodes for some reason. I notice them in 'ps a' output under Linux, they are spawned parts of the former telnet session that
    sometimes take 100% CPU time (or large amounts) for no reason I can see. Just killing them as Ghosts takes care of it, but if you don't do it they will
    build up and take over. Not sure how to detect them yet except 'ps a' is showing them - so perhaps checking ps a for tasks that are using 0 or large amounts of CPU time could do it. I've seen both no CPU time and large amounts of CPU time being taken by them. I'm not sure the difference - kernel version? I think some type of cron loop could do it, the first is to kill the 0 CPU
    time ones (most common so far).

    --- Mystic BBS v1.12 A35 (Raspberry Pi/32)
    * Origin: Mystic Pi BBS bcw142.zapto.org (21:1/145)
  • From bamageek@21:1/140 to bcw142 on Saturday, September 16, 2017 20:29:46
    No, it's not just you ;( It's mis2 I think. They build up till they take over however many nodes you have if you leave them. They are Ghosts in that the node that spawned them has shutdown. Mis2 opens a telnet node
    and then should shutdown that telnet node and for the most part and
    does, but can leave a Ghost on the attacker's nodes for some reason. I notice them in 'ps a' output under Linux, they are spawned parts of the former telnet session that sometimes take 100% CPU time (or large
    amounts) for no reason I can see. Just killing them as Ghosts takes care of it, but if you don't do it they will build up and take over. Not sure how to detect them yet except 'ps a' is showing them - so perhaps
    checking ps a for tasks that are using 0 or large amounts of CPU time could do it. I've seen both no CPU time and large amounts of CPU time being taken by them. I'm not sure the difference - kernel version? I
    think some type of cron loop could do it, the first is to kill the 0 CPU time ones (most common so far).

    Thats definitely the problem I'm having. I've got 8 nodes running and after a day or so they're all locked out. I'll have to see if I can do that cron
    loop. Right now I just go into nodespy and manually kill them when I can
    think about it but it leaves the system inaccessible when I don't check daily.

    /**Dave's BBS telnet://davesbbs.com
    * @version 2.0 fsxNet: 21:1/140
    * GatorNet: 57:57/38
    **/

    --- Mystic BBS v1.12 A35 (Raspberry Pi/32)
    * Origin: fsxNet: Daves BBS (21:1/140)
  • From bcw142@21:1/145 to bamageek on Wednesday, September 20, 2017 19:08:56
    On 09/16/17, bamageek said the following...
    Thats definitely the problem I'm having. I've got 8 nodes running and after a day or so they're all locked out. I'll have to see if I can do that cron loop. Right now I just go into nodespy and manually kill them when I can think about it but it leaves the system inaccessible when I don't check daily.

    I had three trying to connect just now, but I haven't had all nodes tied up most of the week. I did block China, Russia, and India with iptables. I'm
    using mis2 for telnet but everything else is on mis (and this is a Pi3 with A35). I've only killed a few ghosts. I've found I can run the BBS and play
    mp4 videos with less than 50% CPU being used (even with Kodi & Mystic). I haven't got enough ghosts to try a cron loop yet, but there are some attcking right now:
    26901 pts/8 Ss+ 0:00 ./mystic -TID8 -IP76.114.222.33 -HOSTc-76-114-222-33.
    27811 pts/4 R+ 0:40 ./nodespy
    27938 pts/9 Ss+ 0:03 ./mystic -TID6 -IP127.0.0.1 -HOSTlocalhost -ML0
    -SL0 <- Me typing this ;)
    29278 pts/10 Ss+ 0:00 ./mystic -TID11 -IP177.238.134.228 -HOST177.238.134.2
    29312 pts/6 R+ 0:00 ps a
    They just aren't leaving much for ghosts.

    --- Mystic BBS v1.12 A35 (Raspberry Pi/32)
    * Origin: Mystic Pi BBS bcw142.zapto.org (21:1/145)
  • From bamageek@21:1/140 to bcw142 on Monday, September 18, 2017 20:58:37
    up most of the week. I did block China, Russia, and India with iptables. I'm using mis2 for telnet but everything else is on mis (and this is a
    Pi3 with A35). I've only killed a few ghosts. I've found I can run the

    Blocking China and Russia probably helps seems like a lot of connections are coming from those countries. I'm running everything on mis2 now.

    /**Dave's BBS telnet://davesbbs.com
    * @version 2.0 fsxNet: 21:1/140
    * GatorNet: 57:57/38
    **/

    --- Mystic BBS v1.12 A35 (Raspberry Pi/32)
    * Origin: fsxNet: Daves BBS (21:1/140)
  • From bcw142@21:1/145 to bamageek on Friday, September 22, 2017 11:22:22
    On 09/18/17, bamageek said the following...
    Blocking China and Russia probably helps seems like a lot of connections are coming from those countries. I'm running everything on mis2 now.

    /**Dave's BBS telnet://davesbbs.com * @version 2.0 fsxNet: 21:1/140 * GatorNet: 57:57/38 **/

    You can't run 'everything' on mis2, mis is needed for events like semaphores. On Linux cron will likely work and likely Windows scheduler will also. Found
    a bug where mis number of telnets was being used by mis2.

    --- Mystic BBS v1.12 A35 (Raspberry Pi/32)
    * Origin: Mystic Pi BBS bcw142.zapto.org (21:1/145)