[Beowulf] Security issues

B. Vincent Diepeveen diep at xs4all.nl
Thu Oct 23 20:39:17 PDT 2008


hi Joe,

Thanks for your post. Very interesting to see all this. Especially  
the summary on what the
hacker tried.

Note i was quite amazed that you mentionned Rocks distribution  
getting used with you.
A few weeks ago i grabbed latest Rocks with the idea to install it  
for my 1 node cluster.
Both attempted with and without quadrics QM400 card.

Node being a dual opteron dual core 2.4ghz, tyan S2881 motherboard.

All i tried, it didn't help; the distribution crashed during  
somewhere always. Very weird.

 From all distributions i tried over a period of a few weeks install  
at that machine,
it was the only distribution that crashed each time somewhere,
usually after checking the NIC's (which were not connected
to any network, let alone the internet). Sometimes also later on in  
the procedure;
seemed to me the provided kernel in that distribution DVD to be not  
very good one at all.

Now you post here a big story on how your Rocks got hacked. Do i  
conclude it correctly the
problem is that you ran a default Rocks kernel?

I'd say: Go take a stand on the Rocks :)

Note in my case the only other problem it possibly could've been i  
guess is that a bunch of
insecure encrypted drives are in the box.

Vincent

p.s. the hacker seems to me from your description some sort of guy  
with a criminal record.
Criminal as in: the type that goes into jail regurarly, so not the  
Perry E Metzger type :)
Note he wouldn't be able to do that anyway as he just runs a few  
mailing lists;
but well, what the hell do i know there.

On Oct 24, 2008, at 1:11 AM, Joe Landman wrote:

> Hi folks:
>
>    A customer with an [insert unnamed cluster distribution here]  
> cluster had a hack into it yesterday.  We looked through it and  
> found some things out.  I wrote a post on my blog about it (http:// 
> scalability.org/?p=909).  No, this is not astro-turfing, we don't  
> derive income from the blog.  No ads, no-nothing.  We get enough  
> traffic as it is.  I thought what I found would be useful to the  
> community.
>
>   Since it is a long post, I thought it was more courteous to post  
> a link than post the whole thing.
>
>   Hopefully it will show up on the [insert unnamed cluster  
> distribution here] but I doubt it, after a little exchange offline.
>
>   Joe
>
>
> -- 
> Joseph Landman, Ph.D
> Founder and CEO
> Scalable Informatics LLC,
> email: landman at scalableinformatics.com
> web  : http://www.scalableinformatics.com
>        http://jackrabbit.scalableinformatics.com
> phone: +1 734 786 8423 x121
> fax  : +1 866 888 3112
> cell : +1 734 612 4615
> _______________________________________________
> Beowulf mailing list, Beowulf at beowulf.org
> To change your subscription (digest mode or unsubscribe) visit  
> http://www.beowulf.org/mailman/listinfo/beowulf
>




More information about the Beowulf mailing list