If you like BoxMatrix then please contribute Supportdata, Supportdata2, Firmware and/or Hardware (get in touch).
My metamonk@yahoo.com is not reachable by me since september. Please use hippie2000@webnmail.de instead.



From BoxMatrix

BoxMatrix >> System >> NW_IPC_EVT_WEBSERVER_DOS_DETECTED @ BoxMatrix   -   IRC-Chat   -   Translate: de es fr it nl pl
News Selectors Models Accessories Components Environment Config Commands System Webif Software Develop Lexicon Community Project Gallery

Devices Filesystems Partitions Sockets Netlink Pipes Interfaces Bridges Ports Events Sources Sinks AVMIPC Processes Watchdogs Memory Slab Vmalloc ProcFS SysFS Research


Goto:   JSON-Data  -  Dependencies   -   Model-Matrix   -   Help Supportdata2   -   SMW-Browser


NW_IPC_EVT_WEBSERVER_DOS_DETECTED is a network event informing about a detected webserver DoS-Attack.
A DoS attack (Denial-of-Service) calls a service in a frequency that it exceeds the limits of its resources and breaks down[1].

Both, the sender and listener of this event are libcmapi.so for ctlmgr.

How the attack is detected is not yet clear, it may be derived from the new cratelimit functions of libavmcsock.so.
Once detected libcmapi.so sends this network event and calls the websrv_notify_dos_attack function of libwebsrv.so
to inform all local and remote webserver instances about the attack.

The JSON-Data below is empty since there is no fw 7.39 Supportdata2 probe with a detected DoS attack.
It likely will have a JSON attachment with details about the origin of the attacck.


Sample output of a 7530 fw 7.39 calling aicmd avmipcd datastore query NW_IPC_EVT_WEBSERVER_DOS_DETECTED full.
If the sample contains a size info then it's a snippet of aicmd avmipcd datastore show full from Supportdata2.

@NW_IPC_EVT_WEBSERVER_DOS_DETECTED    : size    0, set by remote, local:_anony-ctlmgr-1862-1661545013


Daily updated index of all dependencies of this event. Last update: 2023-02-05 05:15 GMT.
A ** in the Mod column marks info from Supportdata2 probes, which will always stay incomplete.
A - in the Mod column marks manual research, the Firmware then shows where the Object occurs, not the Relation.

Relation Typ Object Mod Firmware Info Origin
Listener sock me_anony-ctlmgr-($num)-($num).ctl 11** 7.39 - 7.51 Anonymous avmipc endpoint of ctlmgr AVM
Sender cmd ctlmgr (avmcmd) - 1.120 - 7.51 System meta daemon also serving the Webinterface. AVM
Sender lib libcmapi.so - 6.35 - 7.51 API library for ctlmgr and its plugins. AVM
3 dependencies for this event


Daily updated index of the presence, path and size of this event for each model. Last update: 2023-02-05 05:15 GMT.
Showing all models using this event. Click any column header (click-wait-click) to sort the list by the respective data.
The (main/scrpn/boot/arm/prx/atom) label in the Model column shows which CPU is meant for models with multiple Linux instances.
Note that this list comes from Supportdata2 probes, which can have arbitrary settings and come from different firmware versions.
It doesn't say much if a model is not listed here. It may be a missing supportdata2 file or just a disabled feature.

Help Supportdata2

The data in this article is incomplete since it was manually collected using the Supportdata2 project.

Unlike the Supportdata-Probes which have been collected for years Supportdata2 is brand new and only has a few probes.
If you have access to a shell then please help to extend the Supportdata2 collection to improve this data.

It's easy and it's done in minutes. Please send created data as an Email attachment to the address listed here. Thanks!



Information is currently being retrieved from the backend.


Showing 1 related property.