General connection problems to feed server

Archive Feed Services (GCF & GSF)
11

Add me to the list of people having the same problem:

root@scanner:~# nc -4vvv thefeedhost 873
nc: connect to thefeedhost port 873 (tcp) failed: Connection refused

root@scanner:~# nc -6vvv thefeedhost 873
Connection to thefeedhost 873 port [tcp/rsync] succeeded!

But nothing after that.

And running the rsync by hand:

root@scanner:~# /usr/bin/rsync -ltvvvvvvvvvvvvvrP --timeout 60 --delete --exclude private/ “rsync://thefeedhost:/nvt-feed” “/var/lib/openvas/plugins”
opening tcp connection to feedhost port 873
Connected to feedhost (2a0e:6b40:20:106:20c:29ff:fe67:cbb5)
msg checking charset: UTF-8
[Receiver] io timeout after 60 seconds – exiting
[Receiver] _exit_cleanup(code=30, file=io.c, line=204): entered
rsync error: timeout in data send/receive (code 30) at io.c(204) [Receiver=3.1.3]
[Receiver] _exit_cleanup(code=30, file=io.c, line=204): about to call exit(30)

root@scanner:~# /usr/bin/rsync -4ltvvvvvvvvvvvvvrP --timeout 160 --delete --exclude private/ “rsync://feedhost:/nvt-feed” “/var/lib/openvas/plugins”
opening tcp connection to feedhost port 873
rsync: failed to connect to feedhost (45.135.106.142): Connection refused (111)
[Receiver] _exit_cleanup(code=10, file=clientserver.c, line=127): entered
rsync error: error in socket IO (code 10) at clientserver.c(127) [Receiver=3.1.3]
[Receiver] _exit_cleanup(code=10, file=clientserver.c, line=127): about to call exit(10)

And one time it almost worked:

root@scanner:~# /usr/bin/rsync -ltvvvvvvvvvvvvvrP --delete --exclude private/ “rsync://feedhost:/nvt-feed” “/var/lib/openvas/plugins”
opening tcp connection to feedhost port 873
Connected to feedhost (2a0e:6b40:20:106:20c:29ff:fe67:cbb5)
msg checking charset: UTF-8
sending daemon args: --server --sender -vvvvvvvvvvvvvltre.iLsfxC . nvt-feed/ (5 args)
Greenbone community feed server - feedhost
This service is hosted by Greenbone Networks - feedhost

All transactions are logged.

If you have any questions, please use the Greenbone community portal.
See feedhost for details.

By using this service you agree to our terms and conditions.

Only one sync per time, otherwise the source ip will be temporarily blocked.

(Client) Protocol versions: remote=31, negotiated=31
FILE_STRUCT_LEN=24, EXTRA_LEN=4
receiving incremental file list
Setting --timeout=10 to match server
[Receiver] io timeout after 10 seconds – exiting
[Receiver] _exit_cleanup(code=30, file=io.c, line=204): entered
rsync error: timeout in data send/receive (code 30) at io.c(204) [Receiver=3.1.3]
[Receiver] _exit_cleanup(code=30, file=io.c, line=204): about to call exit(30)

The rsync connected and then about 5 minutes later I got the Greenbone message. And then a minute or so later, I got the IO timeout.

And no, there’s no firewall. No NAT. No ACLs. I have full IPv6 connectivity. Anywhere where I’ve put “thefeedhost” I had to redact the feed hostname to make the forum software happy.

12

Same problem.

rsync: [Receiver] failed to connect to feed.community.greenbone.net (45.135.106.142): Connection refused (111)

I get the same response from netcat as @Horfire:

root@kali:~# nc -vvv feed.community.greenbone.net 873
DNS fwd/rev mismatch: feed.community.greenbone.net != dl2.greenbone.net
feed.community.greenbone.net [45.135.106.142] 873 (rsync) : Connection refused
 sent 0, rcvd 0

I also attempted to use a VPN and got the same result regardless of the country I picked.

Tried the connection via both IPv4 and IPv6, from digital ocean (Toronto - Canada) and my home network.

13

Strange enough it works yesterday:

but now getting the “Connection refused” as well.

14

Try to turn NAT off, your device might allocate that session or your firewall might be broken.

15

Some one is doing a dDoS against the service, we are working on it. A SYN flood does not help at all, just locks every legitimate community user out.

2 Likes
16

We blocked some abusive networks not service is back with 10% rsync load …

You can check by:

nc -vvv feed.community.greenbone.net 873

Connection to feed.community.greenbone.net 873 port [tcp/rsync] succeeded!
@RSYNCD: 31.0
Greenbone community feed server - http://feed.community.greenbone.net/
This service is hosted by Greenbone Networks - http://www.greenbone.net/

[…]

4 Likes
17

Today, I tried again with gvm-setup on the same system and I did not make any changes. It started syncing sucessfully with no errors, but eventually failed after few minutes with the same 111 error.

oval/
oval/5.10/
oval/5.10/org.mitre.oval/
oval/5.10/org.mitre.oval/c/
oval/5.10/org.mitre.oval/c/oval.xml
        268,150 100%  437.90kB/s    0:00:00 (xfr#26, to-chk=9/44)
oval/5.10/org.mitre.oval/i/
oval/5.10/org.mitre.oval/i/oval.xml
      9,480,204 100%  390.07kB/s    0:00:23 (xfr#27, to-chk=8/44)
oval/5.10/org.mitre.oval/m/
oval/5.10/org.mitre.oval/m/oval.xml
        143,834 100%  185.31kB/s    0:00:00 (xfr#28, to-chk=7/44)
oval/5.10/org.mitre.oval/p/
oval/5.10/org.mitre.oval/p/oval.xml
     90,911,155 100%  398.88kB/s    0:03:42 (xfr#29, to-chk=6/44)
oval/5.10/org.mitre.oval/v/
oval/5.10/org.mitre.oval/v/family/
oval/5.10/org.mitre.oval/v/family/ios.xml
      2,012,118 100%  339.20kB/s    0:00:05 (xfr#30, to-chk=4/44)
oval/5.10/org.mitre.oval/v/family/macos.xml
        453,775 100%  326.32kB/s    0:00:01 (xfr#31, to-chk=3/44)
oval/5.10/org.mitre.oval/v/family/pixos.xml
         10,014 100%   33.96kB/s    0:00:00 (xfr#32, to-chk=2/44)
oval/5.10/org.mitre.oval/v/family/unix.xml
     31,372,831 100%  399.26kB/s    0:01:16 (xfr#33, to-chk=1/44)
oval/5.10/org.mitre.oval/v/family/windows.xml
     51,773,463 100%  398.49kB/s    0:02:06 (xfr#34, to-chk=0/44)

sent 2,753 bytes  received 1,036,990,140 bytes  409,635.75 bytes/sec
total size is 1,036,734,522  speedup is 1.00
[*] Updating: Cert Data
rsync: [Receiver] failed to connect to feed.community.greenbone.net (45.135.106.142): Connection refused (111)
rsync: [Receiver] failed to connect to feed.community.greenbone.net (2a0e:6b40:20:106:20c:29ff:fe67:cbb5): Network is unreachable (101)
rsync error: error in socket IO (code 10) at clientserver.c(137) [Receiver=3.2.3]
[*] Checking Default scanner
08b69003-5fc2-4037-a479-93b440211c73  OpenVAS  /var/run/ospd/ospd.sock  0  OpenVAS Default
18

@Javier I have had some connection issues as well today but was able to download the feeds. Just took a couple attempts.

@Lukas Thank you for looking into this :slight_smile:

19

I was able to download the feed just fine this morning. Thank you for the update and info. I was going crazy trying to figure this out on my end.

20

I attempted manual updates this morning with very limited success. I chalked it up to everyone doing the same thing at the same time. I’ve got cron jobs set, so I’ll check them again in the morning.

21

I still seem to be facing connection issues. Why is that?

image
image1127×314 12.4 KB

nc -vvv feed.community.greenbone.net 873 gives connection refused too.

22

io timeout is a failure on your side, and your TCP connection is not correctly terminated.

Advice remove NAT device, connect your system direct to the internet.

23

just confused… sometimes nc -vvv feed.community.greenbone.net 873 works…
image
And I confirmed there is no NAT device and firewall doesn’t have natting nor is it blocking anything.
Can I do anything about the TCP connection that didn’t terminate properly?

24

Do you run on a native server or any hypervisor ? Be sure you have a briged connection.

25

Its a running on hypervisor. Not sure about the bridged connection. But it was working a week ago so I think this should not be the problem?

26

There could be your NAT gateway :wink:

28

From my hetzner server I get 0 connections to the feeds unfortunatly.
from my office I do get a feed connection, but as I want to install 3 sensor systems in our 3 offices, I thought to offload the community feed by mirroring it to our central server, unfortunatly… that one does not sync :frowning:

29

I’m having severe problems since the changes done lately as well, while the nightly cronjob worked well and without any issues in the past, now it doesn’t and I have to manually try multiple times to eventually get a successfull sync done for every single feed which is a huge annoyance. We don’t have any occurances in our firewall logs and like stated it worked just fine in the past, no changes done on our side.

host ~ # su -c greenbone-nvt-sync -s /bin/bash gvm
rsync: [Receiver] failed to connect to feed.community.greenbone.net (45.135.106.142): Connection timed out (110)
rsync: [Receiver] failed to connect to feed.community.greenbone.net (2a0e:6b40:20:106:20c:29ff:fe67:cbb5): Network is unreachable (101)
rsync error: error in socket IO (code 10) at clientserver.c(137) [Receiver=3.2.3]
host ~ # su -c greenbone-nvt-sync -s /bin/bash gvm
rsync: [Receiver] failed to connect to feed.community.greenbone.net (45.135.106.142): Connection timed out (110)
rsync: [Receiver] failed to connect to feed.community.greenbone.net (2a0e:6b40:20:106:20c:29ff:fe67:cbb5): Network is unreachable (101)
rsync error: error in socket IO (code 10) at clientserver.c(137) [Receiver=3.2.3]
host ~ # time su -c greenbone-nvt-sync -s /bin/bash gvm
rsync: [Receiver] failed to connect to feed.community.greenbone.net (45.135.106.142): Connection timed out (110)
rsync: [Receiver] failed to connect to feed.community.greenbone.net (2a0e:6b40:20:106:20c:29ff:fe67:cbb5): Network is unreachable (101)
rsync error: error in socket IO (code 10) at clientserver.c(137) [Receiver=3.2.3]

real    2m17,192s
user    0m0,032s
sys     0m0,029s
host ~ # time su -c greenbone-nvt-sync -s /bin/bash gvm
rsync: [Receiver] failed to connect to feed.community.greenbone.net (45.135.106.142): Connection timed out (110)
rsync: [Receiver] failed to connect to feed.community.greenbone.net (2a0e:6b40:20:106:20c:29ff:fe67:cbb5): Network is unreachable (101)
rsync error: error in socket IO (code 10) at clientserver.c(137) [Receiver=3.2.3]

real    2m14,817s
user    0m0,032s
sys     0m0,028s
host ~ # time su -c greenbone-nvt-sync -s /bin/bash gvm
rsync: [Receiver] failed to connect to feed.community.greenbone.net (45.135.106.142): Connection timed out (110)
rsync: [Receiver] failed to connect to feed.community.greenbone.net (2a0e:6b40:20:106:20c:29ff:fe67:cbb5): Network is unreachable (101)
rsync error: error in socket IO (code 10) at clientserver.c(137) [Receiver=3.2.3]

real    2m14,870s
user    0m0,037s
sys     0m0,023s
host ~ # time su -c greenbone-nvt-sync -s /bin/bash gvm
rsync: [Receiver] failed to connect to feed.community.greenbone.net (45.135.106.142): Connection timed out (110)
rsync: [Receiver] failed to connect to feed.community.greenbone.net (2a0e:6b40:20:106:20c:29ff:fe67:cbb5): Network is unreachable (101)
rsync error: error in socket IO (code 10) at clientserver.c(137) [Receiver=3.2.3]

real    2m14,215s
user    0m0,039s
sys     0m0,020s
host ~ # time su -c greenbone-nvt-sync -s /bin/bash gvm
rsync: [Receiver] failed to connect to feed.community.greenbone.net (45.135.106.142): Connection timed out (110)
rsync: [Receiver] failed to connect to feed.community.greenbone.net (2a0e:6b40:20:106:20c:29ff:fe67:cbb5): Network is unreachable (101)
rsync error: error in socket IO (code 10) at clientserver.c(137) [Receiver=3.2.3]

real    2m15,974s
user    0m0,037s
sys     0m0,022s
30

That issue should be solved here, please read the important new rules !

31

If you try to brute force the synchronization, you will never be able to sync again.

The following IPs tried to sync more then 10.000 Times in the last 20h. Please keep in mind, >10 TCP SYN to any port within one minute and your source IP will be blocked for 24h automatically.

  11343 194.33.xx.xx
  11629 216.56.xx.xx
  12109 103.231.xx.xx
  13380 96.67.xx.xx
  14733 212.34.xx.xx
  16457 183.239.xx.xx
  17674 85.199.xx.xx
  19633 74.206.xx.xx
  20279 24.119.xx.xx
  20702 62.76.xx.xx
  27654 69.63.xx.xx