On Dec 22, 2017, at 10:20 AM, Olivier R. <m...@grammalecte.net> wrote:
> 
> On 22/12/2017 at 16:10, Warren Young wrote:
> 
>> 1. Your repo is public-facing.  Is this a reasonable number of
>> clients to be connected at any given time to this repo?  It seems
>> high to me, given the transient nature of most Fossil connections.
> 
> Only two devs have the right to modify the online repository.
> I’d be surprised if there were more than 5 people connected to this repo at 
> the same time.

Your first netstat -na output shows 24 established connections, most to 
distinct remote peer IPs.

Additionally, Fossil connections tend to be short-lived due to the nature of 
Fossil.  Even if you have someone “actively” working with Fossil, the 
connections will come and go rapidly in a series, not have a single long-lived 
connection.

Therefore, one of two things is happening:

1. You have a high rate of connections to the server, so that at any one time, 
we can see dozens of them.  Disproving this hypothesis is the purpose of the 
tshark test.

2. You have connections that stay open for a long time, which suggests:

2a. A connection handle leak.  But if this were common, lots of people would 
have found it before you.

2b. Bad actors on those remote hosts, which is why I brought up the possibility 
of a botnet attack.

If we have a 2b case, then you’d want to find some way to identify the 
connections somehow, so that you can block them.

> I assume that people who go to dev section are not the majority. Maybe 20 
> visitors per day if I’m optimistic…

20 *legitimate* visitors.  That doesn’t count those hitting your site for no 
good reason, which does happen on the wild Internet.

> I’ve added the user to the “wireshark” group, but it doesn’t work.

You have to log out and back in before group changes will take effect.

> Same error message if I run this as root.

Better to follow tshark’s advice and run it as a normal user, with group 
privileges allowing network capture.

_______________________________________________
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
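
Added example, not part of the original message: one way to tell hypothesis 1 (high connection rate) from hypothesis 2 (long-lived connections) using repeated `netstat -na` snapshots. The port number, timestamps, addresses and function names are assumptions, and the sample lines are constructed.

```python
from collections import defaultdict

SERVER_PORT = 8080  # assumption: the port the Fossil server listens on

# Constructed samples: Linux `netstat -na` lines captured 60 seconds apart.
SNAPSHOTS = {
    0: """\
tcp  0  0 192.0.2.10:8080  198.51.100.7:51234   ESTABLISHED
tcp  0  0 192.0.2.10:8080  203.0.113.9:40000    ESTABLISHED
tcp  0  0 192.0.2.10:8080  203.0.113.20:40111   TIME_WAIT
tcp  0  0 192.0.2.10:22    198.51.100.50:50022  ESTABLISHED
""",
    60: """\
tcp  0  0 192.0.2.10:8080  198.51.100.7:51234   ESTABLISHED
tcp  0  0 192.0.2.10:8080  203.0.113.9:40002    ESTABLISHED
""",
    120: """\
tcp  0  0 192.0.2.10:8080  198.51.100.7:51234   ESTABLISHED
tcp  0  0 192.0.2.10:8080  203.0.113.33:41000   ESTABLISHED
""",
}

def established_peers(netstat_text, port=SERVER_PORT):
    """Return the (remote_ip, remote_port) pairs ESTABLISHED to our port."""
    peers = set()
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) < 6 or not f[0].startswith("tcp") or f[5] != "ESTABLISHED":
            continue
        if f[3].rsplit(":", 1)[1] != str(port):
            continue  # some other local service, e.g. ssh
        ip, rport = f[4].rsplit(":", 1)
        peers.add((ip, int(rport)))
    return peers

def long_lived(snapshots, min_age):
    """Map each peer seen over at least min_age seconds to its observed age.

    A new connection from the same host gets a new ephemeral port, so the
    same ip:port pair in several snapshots means one connection stayed open.
    """
    seen = defaultdict(list)
    for ts, text in snapshots.items():
        for peer in established_peers(text):
            seen[peer].append(ts)
    ages = {p: max(t) - min(t) for p, t in seen.items()}
    return {p: age for p, age in ages.items() if age >= min_age}
```

If `long_lived()` comes back nearly empty while every snapshot is full, the peers are churning (hypothesis 1); peers that persist are the candidates for case 2a or 2b.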
