Caveat: not actually an "issue report", but there isn't a topic, so I picked the closest one. Don't panic.
I've been running the MiniUPnP daemon for about six months and we've seen no such issue, but I was wondering if anyone else has seen an instance of this attack or even if there's any possibility of it being a zero-day on ClearOS?
I'm suspecting not, but I wanted to raise a yellow caution-flag in case anyone else had been under a rock for the past few days and hadn't heard about this.
Akamai folks found it on a number of router boxen for "home" use:
Eternal Silence attack
ClearOS release 7.5.0 (Final), Kernel 3.10.0-862.11.6.v7.x86_64
Even though our installation doesn't appear to open this port, just to be safe, I added an IPTABLES rule:
$ iptables -I INPUT 14 -i enp5s1 -p udp -m udp --dport 1900 -j DROP
which should drop any attempted connection to UDP port 1900 from the outside. It seems to work based on my limited testing and doesn't appear to damage anything else.
Anywhoo, just bringing this up because I felt pestered by it.
Happy firewalling everyone!
~Sam 'liverdonor' Felton
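An added example, not part of the original post: because `-I INPUT 14` places the DROP at a fixed position and iptables stops at the first matching rule, an earlier ACCEPT that also covers UDP 1900 would shadow it. The function below walks `iptables -S INPUT` output in order and reports which verdict a new UDP/1900 packet on the given interface reaches first. The function name and both rule sets are constructed for illustration; only the interface name and port come from the post.

```shell
#!/bin/sh
# Added example. Reads `iptables -S INPUT` output on stdin and prints the target
# of the first rule matching any new UDP packet to port 1900 arriving on $1.
# Simplification (assumption): rules using matchers other than -i, -p, -m udp
# and --dport are treated as conditional and skipped.
first_verdict_udp1900() {
  awk -v iface="$1" '
    $1 == "-P" && $2 == "INPUT" { policy = $3; next }
    $1 != "-A" || $2 != "INPUT" { next }
    {
      ok = 1; target = ""
      for (i = 3; i <= NF; i++) {
        if ($i == "-i") { if ($(i+1) != iface) ok = 0; i++ }
        else if ($i == "-p") { if ($(i+1) != "udp" && $(i+1) != "all") ok = 0; i++ }
        else if ($i == "-m" && $(i+1) == "udp") { i++ }
        else if ($i == "--dport") {
          n = split($(i+1), r, ":")            # single port or lo:hi range
          lo = r[1] + 0; hi = (n > 1 ? r[2] : r[1]) + 0
          if (1900 < lo || 1900 > hi) ok = 0
          i++
        }
        else if ($i == "-j") { target = $(i+1); break }  # rest is target options
        else { ok = 0 }                        # unknown matcher: conditional rule
      }
      if (ok && (target == "ACCEPT" || target == "DROP" || target == "REJECT")) {
        print target; found = 1; exit
      }
    }
    END { if (!found) print "POLICY:" policy }   # fell through to chain policy
  '
}

# Constructed rule sets (not taken from a real ClearOS box).
SHADOWED='-P INPUT DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i enp5s1 -p udp -m udp --dport 1024:65535 -j ACCEPT
-A INPUT -i enp5s1 -p udp -m udp --dport 1900 -j DROP'
EFFECTIVE='-P INPUT DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -i enp5s1 -p udp -m udp --dport 1900 -j DROP
-A INPUT -i enp5s1 -p udp -m udp --dport 1024:65535 -j ACCEPT'

printf '%s\n' "$SHADOWED"  | first_verdict_udp1900 enp5s1
printf '%s\n' "$EFFECTIVE" | first_verdict_udp1900 enp5s1
```

On a live box the same check is `iptables -S INPUT | first_verdict_udp1900 enp5s1`, run as root.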
...I've tried using a legacy virtual NIC, no dice...
I got it working in Hyper-V on Windows 10 Enterprise. Finally.
Many thanks to Kari at this site: Ten Forums Tutorial
It wasn't enough to merely set the legacy NIC. It was also necessary to use the Generation 1 VM - Gen 2 apparently does not work. I had been told that downstream distros from Red Hat were capable of using Gen 2-type VMs but that apparently isn't always the case.
Gen 2 does work fine with Debian-descendants.
Still doesn't get us any closer to solving the OP's problem, though...
FYI, I've had the same issue on two different machines, in both cases in trying to install CoS7 in a VM. I've tried using a legacy virtual NIC, no dice. Both have different Realtek chipsets in the NICs (onboard, in both cases) - one's a 4-year-old Dell and the other's a 2-year-old Gigabyte MB with AMD chip/chipset. Hard to avoid the problem - I'd hazard a guess that 75% of the boards I've used in the last four years have Realtek chips on them.
Yeah, well, wishful thinking, I suppose. I have a pile of these machines which I am going to use one way or the other, so I might as well take this on.
If there's enough interest, I can put the results up on DropBox for others to use.
Thanks for the info and assistance.
Thanks, Nick Howitt.
I will definitely do this and try to get a build. If I do and it all works, do you think there's a snowball's chance in hell that the folks in charge of the distro might be persuaded to include it in an update? I guess I need to look at the mechanism for proposing updates (I know there is one, I just haven't read it yet. Lotta stuff to do.)
Also, just to complicate matters, I'm doing all this on my work computer in a Windows 10 Hyper-V VM. Supposedly, the upstream distro (CentOS 7) includes LIS 4 built-in, so if I turn off secure boot I should be able to get this to work.
When/if I find out more, I will post it to the community. Esp. if it works.
Thanks for the help.
I had a look when you first posted and could not find out much about natsemi and when it was removed from the (upstream) kernel.
To build your own, start here. I would not bother with installing an editor unless you want to. ClearOS has vi (yuck!) and nano (better) or you can use the editor in WinSCP (built-in or something like notepad++). Go as far as running "clearos setup" which will create a bunch of things for you.
In your source it may have a readme or some other form of instructions which may build the module directly (perhaps "make" and "make install") or you can look at rpmbuild to build an rpm to install.
One thing to bear in mind is that you will need to recompile the program every time the kernel goes through a minor kernel upgrade so you may want to block automatic kernel upgrades by adding "exclude=kernel*" to /etc/yum.conf. You can then re-allow them in a controlled way.
How about this, then - anyone have any idea or pointers to a HOWTO or some instructions as to how I might add the driver to a 3.x kernel from sources? I think I have found sources, but it seems a lot has changed from last time I did this (back in the 2.5.x days!) so any help would be appreciated. Just need to get up and building, I'll take it from there.
The 490 uses the Greencreek platform, yes? The 5000X chipset? That's ca. 2010 if memory serves (no pun intended). I'd guess you'd be OK... as long as your NICs are still supported. That was the gotcha that bit me when going from 6.7 to 7.1 - two of the three NICs in the machines I have as test platforms (and production, running 6.7) use a chipset (NatSemi MacPhyter, now owned by TI) that does not appear to be included in this distro anymore. I'd have to replace three machines with new if I want to use 7.1. Right now, not willing to spend the money so I'll just wait.