Return-Path: X-Original-To: apmail-cassandra-user-archive@www.apache.org Delivered-To: apmail-cassandra-user-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 668B4102EB for ; Sun, 8 Sep 2013 11:41:32 +0000 (UTC) Received: (qmail 62047 invoked by uid 500); 8 Sep 2013 11:41:30 -0000 Delivered-To: apmail-cassandra-user-archive@cassandra.apache.org Received: (qmail 61867 invoked by uid 500); 8 Sep 2013 11:41:29 -0000 Mailing-List: contact user-help@cassandra.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: user@cassandra.apache.org Delivered-To: mailing list user@cassandra.apache.org Received: (qmail 61859 invoked by uid 99); 8 Sep 2013 11:41:28 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 08 Sep 2013 11:41:28 +0000 X-ASF-Spam-Status: No, hits=1.5 required=5.0 tests=HTML_MESSAGE,RCVD_IN_DNSWL_LOW,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: domain of bluethundr@gmail.com designates 209.85.223.179 as permitted sender) Received: from [209.85.223.179] (HELO mail-ie0-f179.google.com) (209.85.223.179) by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 08 Sep 2013 11:41:21 +0000 Received: by mail-ie0-f179.google.com with SMTP id m16so8584998ieq.38 for ; Sun, 08 Sep 2013 04:41:00 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=subject:references:from:content-type:in-reply-to:message-id:date:to :content-transfer-encoding:mime-version; bh=rrnlYRErkYbkSVBLKs1BgdadT6i3R8+52mG/bAsgxdM=; b=gMLB70wFoEpThekoSSeX12r3x4F8Gs3wXZDvX9UZv67ZJK9sMkoNDDtlJNEQgs4FN4 bh3KPOGGa5AJkyBlpImKyJu6wcGPbNEjtlbwKBlyZgehakJQ2vcO0LWDVrETDP3GRl7p I59h9fZmIXzjGWFbKrruderNA2o6aLTGA9ifemIBT0nH+p3K5AM0SRhxZPktnlgcxud4 KjEPdr7ggJeLzFg1Dy3DAnmoFl9KTnvqBdktlBNUGV3WuSVA2UcEV4XpOWGI+2WWtMtf ANpio4aAq63QUGFknNjknkSeh3Ew47YTP83gKOu9S2krvsazDmiVfPy+9qiOPvkG/tLc gaLA== X-Received: by 10.50.33.38 with SMTP id o6mr4660291igi.52.1378640460715; Sun, 08 Sep 2013 04:41:00 -0700 (PDT) Received: from [10.237.177.143] (mobile-198-228-206-002.mycingular.net. [198.228.206.2]) by mx.google.com with ESMTPSA id p5sm9393568igj.10.1969.12.31.16.00.00 (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Sun, 08 Sep 2013 04:40:59 -0700 (PDT) Subject: Re: w00tw00t.at.ISC.SANS.DFind not found References: From: Tim Dunphy Content-Type: multipart/alternative; boundary=Apple-Mail-D419EEDF-C4E3-45B8-A59F-AEC216922009 X-Mailer: iPhone Mail (10B350) In-Reply-To: Message-Id: Date: Sun, 8 Sep 2013 07:40:57 -0400 To: "user@cassandra.apache.org" Content-Transfer-Encoding: 7bit Mime-Version: 1.0 (1.0) X-Virus-Checked: Checked by ClamAV on apache.org --Apple-Mail-D419EEDF-C4E3-45B8-A59F-AEC216922009 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable Richard, Good advice. Thank you! I'll work on tuning IP tables so that only my other C= assandra nodes can connect to mx4j. Good thing I caught this, I was just mak= ing sure JNA was working when I saw this! Sent from my iPhone On Sep 8, 2013, at 5:40 AM, Richard Low wrote: > On 8 September 2013 02:55, Tim Dunphy wrote: >> Hey all, >>=20 >> I'm seeing this exception in my cassandra logs: >>=20 >> Exception during http request >> mx4j.tools.adaptor.http.HttpException: file mx4j/tools/adaptor/http/xsl/w= 00tw00t.at.ISC.SANS.DFind:) not found >> at mx4j.tools.adaptor.http.XSLTProcessor.notFoundElement(XSLTProc= essor.java:314) >> at mx4j.tools.adaptor.http.HttpAdaptor.findUnknownElement(HttpAda= ptor.java:800) >> at mx4j.tools.adaptor.http.HttpAdaptor$HttpClient.run(HttpAdaptor= .java:976) >>=20 >> Do I need to be concerned about the security of this server? How can I co= rrect/eliminate this error message? I've just upgraded to Cassandra 2.0 ,and= this is the first time I've seen this error.=20 >=20 > There is a web vulnerability scanner that does "GET /w00tw00t.at.ISC.SANS.= DFind:)" on anything it thinks is HTTP. This probably means your mx4j port i= s open to the public which is a security issue. This means anyone can e.g. d= elete all your data or stop your Cassandra nodes. You should make sure that= all your Cassandra ports (at least) are firewalled so only you and other no= des can connect. >=20 > Richard. --Apple-Mail-D419EEDF-C4E3-45B8-A59F-AEC216922009 Content-Type: text/html; charset=utf-8 Content-Transfer-Encoding: 7bit
Richard,

Good advice. Thank you! I'll work on tuning IP tables so that only my other Cassandra nodes can connect to mx4j. Good thing I caught this, I was just making sure JNA was working when I saw this!

Sent from my iPhone

On Sep 8, 2013, at 5:40 AM, Richard Low <richard@wentnet.com> wrote:

On 8 September 2013 02:55, Tim Dunphy <bluethundr@gmail.com> wrote:
Hey all,

 I'm seeing this exception in my cassandra logs:

Exception during http request
mx4j.tools.adaptor.http.HttpException: file mx4j/tools/adaptor/http/xsl/w00tw00t.at.ISC.SANS.DFind:) not found
        at mx4j.tools.adaptor.http.XSLTProcessor.notFoundElement(XSLTProcessor.java:314)
        at mx4j.tools.adaptor.http.HttpAdaptor.findUnknownElement(HttpAdaptor.java:800)
        at mx4j.tools.adaptor.http.HttpAdaptor$HttpClient.run(HttpAdaptor.java:976)

Do I need to be concerned about the security of this server? How can I correct/eliminate this error message? I've just upgraded to Cassandra 2.0 ,and this is the first time I've seen this error. 

There is a web vulnerability scanner that does "GET /w00tw00t.at.ISC.SANS.DFind:)" on anything it thinks is HTTP.  This probably means your mx4j port is open to the public which is a security issue.  This means anyone can e.g. delete all your data or stop your Cassandra nodes.  You should make sure that all your Cassandra ports (at least) are firewalled so only you and other nodes can connect.

Richard.
--Apple-Mail-D419EEDF-C4E3-45B8-A59F-AEC216922009--