If you like BoxMatrix then please contribute Supportdata, Supportdata2, Firmware and/or Hardware (get in touch).
My metamonk@yahoo.com is not reachable by me since years. Please use hippie2000@webnmail.de instead.
Property:NW IPC EVT WEBSERVER DOS DETECTED
| BoxMatrix >> System >> NW_IPC_EVT_WEBSERVER_DOS_DETECTED | @ BoxMatrix - IRC-Chat - Translate: de es fr it nl pl |
| News | Selectors | Models | Accessories | Components | Environment | Config | Commands | System | Webif | Software | Develop | Lexicon | Community | Project | Media |
| Devices | Filesystems | Partitions | Sockets | Netlink | Pipes | Interfaces | Bridges | Ports | Events | Sources | Sinks | AVMIPC | Processes | Watchdogs | Memory | Slab | Vmalloc | ProcFS | SysFS | Research |
AVMIPC-Event
| AVMIPC-Event: | NW_IPC_EVT_WEBSERVER_DOS_DETECTED - type Event | Wiki | Freetz | IPPF | whmf | AVM | Web |
| Location: | System >> AVMIPC-Datastore - Origin: AVM | ||||||
| Listeners: | me_anony-ctlmgr-($num)-($num).ctl | ||||||
| Properties: | Firmware: 7.39 - 7.90 - Senders: ctlmgr, libcmapi.so | ||||||
| Function: | Network event informing about a detected webserver DoS-Attack. | ||||||
Goto: JSON-Data - Dependencies - Model-Matrix - Help Supportdata2 - SMW-Browser
Details
NW_IPC_EVT_WEBSERVER_DOS_DETECTED is a network event informing about a detected webserver DoS-Attack.
A DoS attack (Denial-of-Service) calls a service in a frequency that it exceeds the limits of its resources and breaks down[1].
Both, the sender and listener of this event are libcmapi.so for ctlmgr.
How the attack is detected is not yet clear, it may be derived from the new cratelimit functions of libavmcsock.so.
Once detected libcmapi.so sends this network event and calls the websrv_notify_dos_attack function of libwebsrv.so
to inform all local and remote webserver instances about the attack.
The JSON-Data below is empty since there is no fw 7.39 Supportdata2 probe with a detected DoS attack.
It likely will have a JSON attachment with details about the origin of the attacck.
JSON-Data
Sample output of a 7530 fw 7.39 calling aicmd avmipcd datastore query NW_IPC_EVT_WEBSERVER_DOS_DETECTED full.
If the sample contains a size info then it's a snippet of aicmd avmipcd datastore show full from Supportdata2.
@NW_IPC_EVT_WEBSERVER_DOS_DETECTED : size 0, set by remote, local:_anony-ctlmgr-1862-1661545013
Dependencies
Daily updated index of all dependencies of this event. Last update: 2024-11-15 05:19 GMT.
A ** in the Mod column marks info from Supportdata2 probes, which will always stay incomplete.
A - in the Mod column marks manual research, the Firmware then shows where the Object occurs, not the Relation.
| Relation | Typ | Object | Mod | Firmware | Info | Origin |
|---|---|---|---|---|---|---|
| Listener | sock | me_anony-ctlmgr-($num)-($num).ctl | 13** | 7.39 - 7.90 | Anonymous avmipc endpoint of ctlmgr | AVM |
| Sender | cmd | ctlmgr (avmcmd) | - | 1.120 - 8.00 | System meta daemon also serving the Webinterface. | AVM |
| Sender | lib | libcmapi.so | - | 6.35 - 8.00 | API library for ctlmgr and its plugins. | AVM |
| 3 dependencies for this event | ||||||
Model-Matrix
Daily updated index of the presence, path and size of this event for each model. Last update: 2024-11-15 05:19 GMT.
Showing all models using this event. Click any column header (click-wait-click) to sort the list by the respective data.
The (main/scrpn/boot/arm/prx/atom/rtl) label in the Model column shows which CPU is meant for Multi-Linux models.
Note that this list comes from Supportdata2 probes, which can have arbitrary settings and come from different firmware versions.
It doesn't say much if a model is not listed here. It may be a missing supportdata2 file or just a disabled feature.
| Model | Firmware | Listeners | Size |
|---|---|---|---|
| FRITZ!Box 4060 | 7.39 | me_anony-ctlmgr-($num)-($num).ctl | 0 |
| FRITZ!Box 6490 Cable (arm) | 7.39 | - | 0 |
| FRITZ!Box 6490 Cable (atom) | 7.39 | me_anony-ctlmgr-($num)-($num).ctl | 0 |
| FRITZ!Box 6850 LTE | 7.39 | me_anony-ctlmgr-($num)-($num).ctl | 0 |
| FRITZ!Box 6850 5G | 7.39 | me_anony-ctlmgr-($num)-($num).ctl | 0 |
| FRITZ!Box 7490 | 7.39 - 7.51 | me_anony-ctlmgr-($num)-($num).ctl | 0 |
| FRITZ!Box 7520 | 7.50 | me_anony-ctlmgr-($num)-($num).ctl | 0 |
| FRITZ!Box 7530 | 7.39 | me_anony-ctlmgr-($num)-($num).ctl | 0 |
| FRITZ!Box 7530 AX | 7.39 - 7.51 | me_anony-ctlmgr-($num)-($num).ctl | 0 |
| FRITZ!Box 7590 | 7.57 - 7.90 | me_anony-ctlmgr-($num)-($num).ctl | 0 |
| FRITZ!Box 7590 AX | 7.39 | me_anony-ctlmgr-($num)-($num).ctl | 0 |
| FRITZ!Smart Gateway | 7.57 - 7.58 | me_anony-ctlmgr-($num)-($num).ctl | 0 |
| FRITZ!Repeater 1200 AX | 7.39 | me_anony-ctlmgr-($num)-($num).ctl | 0 |
| FRITZ!Repeater 6000 | 7.39 | me_anony-ctlmgr-($num)-($num).ctl | 0 |
| 14 models use this event | |||
Help Supportdata2
The data in this article is incomplete since it was manually collected using the Supportdata2 project.
Unlike the Supportdata-Probes which have been collected for years Supportdata2 is brand new and only has a few probes.
If you have access to a shell then please help to extend the Supportdata2 collection to improve this data.
It's easy and it's done in minutes. Please send created data as an Email attachment to the address listed here. Thanks!
