CapPortAS max 152 processes.


This topic contains 1 reply, has 0 voices, and was last updated by  cicciopasticcio 8 years ago.

  • #42827

    BIG problem. I have few users in the captive portal, but, even if they are not authenticated, they “consume” resources in the ZeroShell appliance. I discovered that EVERY request (in-to-out) on port 80/443 makes a process called CapPortAS start.
    Not only that, but the maximum number of these processes is limited to 152.
    After this the captive portal stops working, the timeout expires, and the users should authenticate again (without success, because the CapPortAS processes are saturated again).

    I found that this is not a new BUG, but it should have been solved years ago.

    Remember that not only some (bad) worms inside the clients can cause this, but also normal software like antivirus, software update, Skype (it uses port 443), so ZeroShell should be able to tell true HTTP traffic from a browser apart from TCP traffic on port 80/443.

    A normal PC, not authenticated, with Skype (not yet authenticated), starts 10-15 CapPortAS processes alone.

    #51522

    I suspected that the problem is in some P2P software on the clients, so I did a

    netstat | grep :1208[0-1]

    to display all connections on ports 12080 and 12081. I suspect that, if a user is not authenticated, it causes the problem.
    It’s a DoS situation:

    root@zeroshell root> netstat  | grep :120
    tcp 0 0 172.16.12.1:12080 172.16.12.20:50326 SYN_RECV
    tcp 0 0 172.16.12.1:12081 172.16.16.12:54480 SYN_RECV
    tcp 0 0 172.16.12.1:12080 172.16.12.58:51404 ESTABLISHED
    tcp 0 0 172.16.12.1:12081 172.16.16.75:49279 TIME_WAIT
    tcp 0 0 172.16.12.1:12081 172.16.16.104:59684 TIME_WAIT
    tcp 0 0 172.16.12.1:12080 172.16.12.58:51416 ESTABLISHED
    tcp 0 0 172.16.12.1:12080 172.16.12.58:51620 ESTABLISHED
    tcp 0 0 172.16.12.1:12080 172.16.12.55:63323 ESTABLISHED
    tcp 0 0 172.16.12.1:12080 172.16.14.18:63917 ESTABLISHED
    tcp 0 0 172.16.12.1:12080 172.16.14.18:63957 ESTABLISHED
    tcp 0 0 172.16.12.1:12080 172.16.12.58:51623 ESTABLISHED
    tcp 0 0 172.16.12.1:12081 172.16.16.75:49244 ESTABLISHED
    tcp 0 0 172.16.12.1:12080 172.16.12.20:50321 ESTABLISHED
    tcp 0 0 172.16.12.1:12081 172.16.16.12:54481 TIME_WAIT
    tcp 0 0 172.16.12.1:12081 172.16.16.75:49299 TIME_WAIT
    tcp 0 0 172.16.12.1:12082 172.16.12.70:61932 TIME_WAIT
    tcp 0 0 172.16.12.1:12082 172.16.14.25:1138 TIME_WAIT
    tcp 0 0 172.16.12.1:12080 172.16.12.184:49583 ESTABLISHED
    tcp 0 0 172.16.12.1:12081 172.16.16.75:49236 TIME_WAIT
    tcp 0 0 172.16.12.1:12080 172.16.16.104:59680 ESTABLISHED
    tcp 0 0 172.16.12.1:12081 172.16.12.58:51408 ESTABLISHED
    tcp 0 0 172.16.12.1:12081 172.16.16.104:59707 TIME_WAIT
    tcp 0 0 172.16.12.1:12080 172.16.16.75:49267 ESTABLISHED
    tcp 0 0 172.16.12.1:12081 172.16.16.21:61060 TIME_WAIT
    tcp 0 0 172.16.12.1:12081 172.16.16.104:59683 TIME_WAIT
    tcp 0 0 172.16.12.1:12081 172.16.12.58:51382 ESTABLISHED
    tcp 0 0 172.16.12.1:12080 172.16.14.18:63918 ESTABLISHED
    tcp 0 0 172.16.12.1:12080 172.16.16.104:59665 TIME_WAIT
    tcp 0 0 172.16.12.1:12081 172.16.16.75:49280 TIME_WAIT
    tcp 0 0 172.16.12.1:12080 172.16.16.75:49207 ESTABLISHED
    tcp 0 0 172.16.12.1:12081 172.16.16.75:49289 TIME_WAIT
    tcp 0 0 172.16.12.1:12080 172.16.16.75:49252 TIME_WAIT
    tcp 0 0 172.16.12.1:12081 172.16.12.58:51380 ESTABLISHED
    tcp 0 0 172.16.12.1:12081 172.16.14.43:57009 TIME_WAIT
    tcp 0 0 172.16.12.1:12080 172.16.14.18:63916 ESTABLISHED
    tcp 0 0 172.16.12.1:12080 172.16.12.118:63899 TIME_WAIT
    tcp 0 0 172.16.12.1:12080 172.16.12.20:50309 ESTABLISHED
    tcp 0 0 172.16.12.1:12081 172.16.14.43:57010 TIME_WAIT
    tcp 0 0 172.16.12.1:12081 172.16.16.104:59681 TIME_WAIT
    tcp 0 0 172.16.12.1:12080 172.16.16.12:54483 TIME_WAIT
    tcp 0 0 172.16.12.1:12080 172.16.12.20:50308 ESTABLISHED
    tcp 0 0 172.16.12.1:12081 172.16.12.118:63885 TIME_WAIT
    tcp 0 0 172.16.12.1:12081 172.16.16.37:53893 TIME_WAIT
    tcp 0 0 172.16.12.1:12081 172.16.16.75:49276 TIME_WAIT
    tcp 0 0 172.16.12.1:12080 172.16.12.58:51417 ESTABLISHED
    tcp 0 0 172.16.12.1:12080 172.16.14.18:63950 ESTABLISHED
    tcp 0 0 172.16.12.1:12080 172.16.14.18:63936 ESTABLISHED
    tcp 0 0 172.16.12.1:12081 172.16.12.192:51393 TIME_WAIT
    tcp 0 0 172.16.12.1:12081 172.16.12.58:51422 ESTABLISHED
    tcp 0 0 172.16.12.1:12081 172.16.14.26:51102 TIME_WAIT
    tcp 0 0 172.16.12.1:12081 172.16.16.75:49253 TIME_WAIT
    tcp 0 0 172.16.12.1:12080 172.16.12.20:50307 ESTABLISHED
    tcp 0 0 172.16.12.1:12080 172.16.12.39:52805 ESTABLISHED
    tcp 0 0 172.16.12.1:12081 172.16.16.104:59713 TIME_WAIT
    tcp 0 0 172.16.12.1:12081 172.16.12.58:51395 ESTABLISHED
    tcp 0 0 172.16.12.1:12081 172.16.16.75:49292 TIME_WAIT
    tcp 0 0 172.16.12.1:12081 172.16.16.104:59676 TIME_WAIT
    tcp 0 0 172.16.12.1:12080 172.16.16.104:59690 ESTABLISHED
    tcp 0 0 172.16.12.1:12080 172.16.16.12:54475 ESTABLISHED
    tcp 0 0 172.16.12.1:12080 172.16.16.75:49270 ESTABLISHED
    tcp 0 0 172.16.12.1:12080 172.16.16.75:49245 ESTABLISHED
    tcp 0 0 172.16.12.1:12080 172.16.12.184:49585 ESTABLISHED
    tcp 0 0 172.16.12.1:12081 172.16.16.104:59675 TIME_WAIT
    tcp 0 0 172.16.12.1:12080 172.16.14.18:63954 ESTABLISHED
    tcp 0 0 172.16.12.1:12080 172.16.12.58:51403 ESTABLISHED
    tcp 0 0 172.16.12.1:12081 172.16.12.40:50910 TIME_WAIT
    tcp 0 0 172.16.12.1:12080 172.16.12.118:63883 TIME_WAIT
    tcp 0 0 172.16.12.1:12080 172.16.12.118:63896 TIME_WAIT
    tcp 0 0 172.16.12.1:12081 172.16.16.37:53892 TIME_WAIT
    tcp 0 0 172.16.12.1:12081 172.16.16.75:49199 ESTABLISHED
    tcp 0 0 172.16.12.1:12081 172.16.16.104:59701 TIME_WAIT
    tcp 0 0 172.16.12.1:12082 172.16.12.130:53790 TIME_WAIT
    tcp 0 0 172.16.12.1:12080 172.16.16.104:59689 ESTABLISHED
    tcp 0 0 172.16.12.1:12080 172.16.16.75:49217 ESTABLISHED
    tcp 0 0 172.16.12.1:12080 172.16.14.18:63915 ESTABLISHED
    tcp 0 0 172.16.12.1:12080 172.16.16.75:49265 TIME_WAIT
    tcp 0 0 172.16.12.1:12080 172.16.16.75:49268 ESTABLISHED
    tcp 0 0 172.16.12.1:12081 172.16.16.104:59708 TIME_WAIT
    tcp 0 0 172.16.12.1:12080 172.16.16.75:49204 ESTABLISHED
    tcp 0 0 172.16.12.1:12080 172.16.12.118:63887 TIME_WAIT
    tcp 0 0 172.16.12.1:12080 172.16.12.39:52826 ESTABLISHED
    tcp 0 0 172.16.12.1:12081 172.16.16.75:49308 TIME_WAIT
    tcp 0 0 172.16.12.1:12081 172.16.16.12:54474 TIME_WAIT
    tcp 0 0 172.16.12.1:12081 172.16.16.21:61059 TIME_WAIT
    tcp 0 0 172.16.12.1:12081 172.16.16.104:59704 TIME_WAIT
    tcp 0 0 172.16.12.1:12081 172.16.16.75:49306 TIME_WAIT
    tcp 0 0 172.16.12.1:12081 172.16.16.75:49285 TIME_WAIT
    tcp 0 0 172.16.12.1:12080 172.16.12.55:63319 ESTABLISHED
    tcp 0 0 172.16.12.1:12080 172.16.12.118:63898 TIME_WAIT
    tcp 0 0 172.16.12.1:12080 172.16.14.18:63968 ESTABLISHED
    tcp 0 0 172.16.12.1:12080 172.16.14.18:63967 ESTABLISHED
    tcp 0 0 172.16.12.1:12080 172.16.16.75:49274 TIME_WAIT
    tcp 0 0 172.16.12.1:12081 172.16.16.75:49290 TIME_WAIT
    tcp 0 0 172.16.12.1:12081 172.16.14.26:51103 TIME_WAIT
    tcp 0 0 172.16.12.1:12081 172.16.16.75:49291 TIME_WAIT
    tcp 0 0 172.16.12.1:12080 172.16.12.118:63908 TIME_WAIT
    tcp 0 0 172.16.12.1:12080 172.16.12.39:52819 TIME_WAIT
    tcp 0 0 172.16.12.1:12081 172.16.16.104:59695 TIME_WAIT
    tcp 0 0 172.16.12.1:12080 172.16.12.58:51601 ESTABLISHED
    tcp 0 0 172.16.12.1:12080 172.16.16.75:49266 ESTABLISHED
    tcp 0 0 172.16.12.1:12081 172.16.16.75:49275 TIME_WAIT
    tcp 0 0 172.16.12.1:12081 172.16.16.75:49239 TIME_WAIT
    tcp 0 0 172.16.12.1:12081 172.16.16.75:49281 TIME_WAIT
    tcp 0 0 172.16.12.1:12081 172.16.16.75:49295 TIME_WAIT
    tcp 0 0 172.16.12.1:12080 172.16.16.75:49233 TIME_WAIT
    tcp 0 0 172.16.12.1:12081 172.16.16.104:59714 TIME_WAIT
    tcp 0 0 172.16.12.1:12080 172.16.16.75:49222 ESTABLISHED
    tcp 0 0 172.16.12.1:12080 172.16.16.104:59682 ESTABLISHED
    tcp 0 0 172.16.12.1:12080 172.16.16.75:49206 ESTABLISHED
    tcp 0 0 172.16.12.1:12081 172.16.16.75:49293 TIME_WAIT
    tcp 0 0 172.16.12.1:12081 172.16.12.58:51410 ESTABLISHED
    tcp 0 0 172.16.12.1:12081 172.16.12.118:63884 TIME_WAIT
    tcp 0 0 172.16.12.1:12080 172.16.12.118:63891 TIME_WAIT
    tcp 0 0 172.16.12.1:12080 172.16.16.104:59687 ESTABLISHED
    tcp 0 0 172.16.12.1:12080 172.16.16.75:49278 TIME_WAIT
    tcp 0 0 172.16.12.1:12081 172.16.16.104:59702 TIME_WAIT
    tcp 0 0 172.16.12.1:12082 172.16.12.234:56233 TIME_WAIT
    tcp 0 0 172.16.12.1:12080 172.16.14.18:63943 ESTABLISHED
    tcp 0 0 172.16.12.1:12080 172.16.14.18:63945 ESTABLISHED
    tcp 0 0 172.16.12.1:12080 172.16.12.118:63900 TIME_WAIT
    tcp 0 0 172.16.12.1:12081 172.16.14.26:51104 TIME_WAIT
    tcp 0 0 172.16.12.1:12081 172.16.16.104:59678 TIME_WAIT
    tcp 0 0 172.16.12.1:12081 172.16.16.104:59711 TIME_WAIT
    tcp 0 0 172.16.12.1:12080 172.16.12.118:63904 TIME_WAIT
    tcp 0 0 172.16.12.1:12080 172.16.12.58:51621 ESTABLISHED
    tcp 0 0 172.16.12.1:12080 172.16.12.190:50762 ESTABLISHED
    tcp 0 0 172.16.12.1:12080 172.16.14.18:63927 ESTABLISHED
    tcp 0 0 172.16.12.1:12080 172.16.12.58:51610 ESTABLISHED
    tcp 0 0 172.16.12.1:12080 172.16.12.39:52818 ESTABLISHED
    tcp 0 0 172.16.12.1:12080 172.16.16.104:59694 TIME_WAIT
    tcp 0 0 172.16.12.1:12080 172.16.12.39:52806 ESTABLISHED
    tcp 0 0 172.16.12.1:12081 172.16.16.75:49269 ESTABLISHED
    tcp 0 0 172.16.12.1:12081 172.16.16.104:59685 TIME_WAIT
    tcp 0 0 172.16.12.1:12081 172.16.16.104:59696 TIME_WAIT
    tcp 0 0 172.16.12.1:12081 172.16.12.190:50717 TIME_WAIT
    tcp 0 0 172.16.12.1:12082 172.16.12.179:53936 TIME_WAIT
    tcp 0 0 172.16.12.1:12081 172.16.12.40:50909 TIME_WAIT
    tcp 0 0 172.16.12.1:12080 172.16.12.55:63324 ESTABLISHED
    tcp 0 0 172.16.12.1:12081 172.16.12.39:52831 TIME_WAIT
    tcp 0 0 172.16.12.1:12080 172.16.12.118:63902 TIME_WAIT
    tcp 0 0 172.16.12.1:12081 172.16.12.58:51618 TIME_WAIT
    tcp 0 0 172.16.12.1:12080 172.16.16.104:59674 TIME_WAIT
    tcp 0 0 172.16.12.1:12080 172.16.12.39:52828 ESTABLISHED
    tcp 0 0 172.16.12.1:12080 172.16.12.58:51426 ESTABLISHED
    tcp 0 0 172.16.12.1:12080 172.16.12.190:50653 TIME_WAIT
    tcp 0 0 172.16.12.1:12080 172.16.12.58:51437 ESTABLISHED
    tcp 0 0 172.16.12.1:12081 172.16.16.104:59673 TIME_WAIT
    tcp 0 0 172.16.12.1:12081 172.16.12.58:51393 ESTABLISHED
    tcp 0 0 172.16.12.1:12080 172.16.16.12:54484 TIME_WAIT
    tcp 0 0 172.16.12.1:12080 172.16.16.104:59686 ESTABLISHED
    tcp 0 0 172.16.12.1:12080 172.16.14.18:63971 ESTABLISHED
    tcp 0 0 172.16.12.1:12080 172.16.16.75:49208 ESTABLISHED
    tcp 0 0 172.16.12.1:12080 172.16.12.118:63881 TIME_WAIT
    tcp 0 0 172.16.12.1:12081 172.16.12.190:50740 TIME_WAIT
    tcp 0 0 172.16.12.1:12081 172.16.16.104:59703 TIME_WAIT
    tcp 0 0 172.16.12.1:12080 172.16.16.12:54478 ESTABLISHED
    tcp 0 0 172.16.12.1:12080 172.16.16.12:54309 ESTABLISHED
    tcp 0 0 172.16.12.1:12081 172.16.16.75:49234 TIME_WAIT
    tcp 0 0 172.16.12.1:12081 172.16.12.192:51390 TIME_WAIT
    tcp 0 0 172.16.12.1:12081 172.16.16.104:59677 TIME_WAIT
    tcp 0 0 172.16.12.1:12080 172.16.14.18:63966 ESTABLISHED
    tcp 0 0 172.16.12.1:12080 172.16.16.75:49237 TIME_WAIT
    tcp 0 0 172.16.12.1:12080 172.16.14.18:63930 ESTABLISHED
    tcp 0 0 172.16.12.1:12081 172.16.12.118:63888 TIME_WAIT
    tcp 0 0 172.16.12.1:12080 172.16.14.18:63923 ESTABLISHED
    tcp 0 0 172.16.12.1:12080 172.16.16.75:49219 ESTABLISHED
    tcp 0 0 172.16.12.1:12080 172.16.12.58:51605 ESTABLISHED
    tcp 0 0 172.16.12.1:12081 172.16.16.75:49238 TIME_WAIT
    tcp 0 0 172.16.12.1:12080 172.16.12.190:50688 TIME_WAIT
    tcp 0 0 172.16.12.1:12080 172.16.12.118:63906 TIME_WAIT
    tcp 0 0 172.16.12.1:12081 172.16.16.104:59709 TIME_WAIT
    tcp 0 0 172.16.12.1:12080 172.16.12.20:50315 ESTABLISHED
    tcp 0 0 172.16.12.1:12080 172.16.16.12:54482 ESTABLISHED
    tcp 0 0 172.16.12.1:12080 172.16.16.75:49288 TIME_WAIT
    tcp 0 0 172.16.12.1:12080 172.16.12.58:51624 TIME_WAIT
    tcp 0 0 172.16.12.1:12080 172.16.12.20:50310 ESTABLISHED
    tcp 0 0 172.16.12.1:12080 172.16.12.118:63903 TIME_WAIT
    tcp 0 0 172.16.12.1:12081 172.16.16.38:49254 TIME_WAIT
    tcp 0 0 172.16.12.1:12080 172.16.12.118:63895 TIME_WAIT
    tcp 0 0 172.16.12.1:12081 172.16.12.40:50908 TIME_WAIT
    tcp 0 0 172.16.12.1:12080 172.16.14.18:63944 ESTABLISHED
    tcp 0 0 172.16.12.1:12082 172.16.12.239:51247 TIME_WAIT
    tcp 0 0 172.16.12.1:12080 172.16.12.39:52814 ESTABLISHED
    tcp 0 0 172.16.12.1:12081 172.16.16.75:49301 TIME_WAIT
    tcp 0 0 172.16.12.1:12080 172.16.16.38:49251 TIME_WAIT
    tcp 0 0 172.16.12.1:12081 172.16.12.118:63889 TIME_WAIT
    tcp 0 0 172.16.12.1:12081 172.16.16.75:49284 TIME_WAIT
    tcp 0 0 172.16.12.1:12081 172.16.16.75:49302 TIME_WAIT
    tcp 0 0 172.16.12.1:12080 172.16.16.104:59700 TIME_WAIT
    tcp 0 0 172.16.12.1:12080 172.16.16.75:49205 ESTABLISHED
    tcp 0 0 172.16.12.1:12080 172.16.12.58:51425 ESTABLISHED
    tcp 0 0 172.16.12.1:12081 172.16.16.104:59679 TIME_WAIT
    tcp 0 0 172.16.12.1:12080 172.16.16.104:59688 ESTABLISHED
    tcp 0 0 172.16.12.1:12082 172.16.16.:blueberry-lm TIME_WAIT
    tcp 0 0 172.16.12.1:12081 172.16.16.37:53891 TIME_WAIT
    tcp 0 0 172.16.12.1:12080 172.16.16.104:59688 ESTABLISHED
    tcp 0 0 172.16.12.1:12082 172.16.16.:blueberry-lm TIME_WAIT
    tcp 0 0 172.16.12.1:12081 172.16.16.37:53891 TIME_WAIT
    tcp 0 0 172.16.12.1:12081 172.16.16.104:59697 TIME_WAIT
    tcp 0 0 172.16.12.1:12081 172.16.16.104:59716 TIME_WAIT
    tcp 0 0 172.16.12.1:12080 172.16.12.118:63897 TIME_WAIT
    tcp 0 0 172.16.12.1:12080 172.16.12.118:63901 TIME_WAIT
    tcp 0 0 172.16.12.1:12080 172.16.12.118:63905 TIME_WAIT
    tcp 0 0 172.16.12.1:12081 172.16.16.75:49296 TIME_WAIT
    tcp 0 0 172.16.12.1:12080 172.16.12.58:51622 ESTABLISHED
    tcp 0 0 172.16.12.1:12081 172.16.16.104:59715 TIME_WAIT

    Is it possible that an (inside) user has more than 1 TCP connection to the captive portal (172.16.12.1) on port 12080/1?
    I think not, so it means that it is a “bad” user. I tried to “eliminate” him/her by putting a rule in the firewall. But there is another problem: I should use the INPUT chain, but every rule that I add is always after the CapPort rules (using “View”). So, even if I find out who the bad boy is, I cannot (remotely) stop him.
    Please help me.
    Marco
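
Added example, not part of the original posts: a shell helper that tallies connections like those in the listing above per client address and TCP state, so the clients holding the most portal connections stand out. The function names are hypothetical, the sample lines are constructed, and the input is assumed to be `netstat -n` output.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.
# Input: `netstat -n` lines: proto recv-q send-q local:port remote:port state
# Use -n so remote ports are not replaced by service names.

# Print "<client-ip> <total> <established> <syn_recv> <time_wait>" for
# connections to local port 12080 or 12081, busiest client first.
count_by_client() {
    awk '
        $1 == "tcp" && $4 ~ /:1208[01]$/ {
            ip = $5; sub(/:[^:]*$/, "", ip)      # drop the remote port
            total[ip]++
            if ($6 == "ESTABLISHED") est[ip]++    # may still hold a server process
            else if ($6 == "SYN_RECV") syn[ip]++  # handshake not finished
            else if ($6 == "TIME_WAIT") tw[ip]++  # already closed
        }
        END {
            for (ip in total)
                printf "%s %d %d %d %d\n", ip, total[ip], est[ip], syn[ip], tw[ip]
        }
    ' | sort -k2,2nr -k1,1
}

# Print the clients holding more than LIMIT ($1) ESTABLISHED connections.
heavy_clients() {
    count_by_client | awk -v limit="$1" '$3 > limit + 0 { print $1 }'
}

# Constructed sample in the same layout as the listing in the post.
sample_netstat() {
    cat <<'EOF'
tcp 0 0 172.16.12.1:12080 172.16.12.10:50001 ESTABLISHED
tcp 0 0 172.16.12.1:12080 172.16.12.10:50002 ESTABLISHED
tcp 0 0 172.16.12.1:12081 172.16.12.10:50003 ESTABLISHED
tcp 0 0 172.16.12.1:12081 172.16.12.10:50004 TIME_WAIT
tcp 0 0 172.16.12.1:12080 172.16.12.11:50010 SYN_RECV
tcp 0 0 172.16.12.1:12081 172.16.12.11:50011 ESTABLISHED
tcp 0 0 172.16.12.1:12082 172.16.12.12:50020 TIME_WAIT
tcp 0 0 172.16.12.1:22 172.16.12.12:50021 ESTABLISHED
EOF
}

sample_netstat | count_by_client
```

On the appliance the same functions can be fed live data with `netstat -n | count_by_client`.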

    #51523

    I set an (empirical) value of 400 for MaxClients in

     /etc/httpd/CapPortAS.conf

    There are more places with this parameter, I think because they are for different hardware (but I am not sure).
    I use a virtual machine with 1GB of (virtual) RAM, so I think that there are no problems if I raise this parameter (from “150”).

    Does anybody know how to make this file permanent? (I think that at the next reboot it goes back to the original.) Please let me know. Thank you!
