0

LDAP reflected ddos

Posted by EvolutionCrazy on Jul 5, 2017 in networking

LDAP reflected ddos

tcpdump -nn -i em1 udp and port 389
 
15:35:36.667005 IP 75.99.0.158.389 > x.x.x.x.4829: UDP, length 2804
15:35:36.667065 IP 192.162.242.123.389 > x.x.x.x.45750: UDP, length 2993
15:35:36.667105 IP 210.3.1.38.389 > x.x.x.x.61703: UDP, length 2687
15:35:36.667260 IP 210.211.126.112.389 > x.x.x.x.61703: UDP, length 2591
15:35:36.667318 IP 88.198.78.124.389 > x.x.x.x.18313: UDP, length 2955
15:35:36.667407 IP 192.186.71.248.389 > x.x.x.x.45750: UDP, length 3088
15:35:36.667420 IP 193.158.199.220.389 > x.x.x.x.45750: UDP, length 2582
15:35:36.667453 IP 108.60.201.51.389 > x.x.x.x.27164: UDP, length 2969
15:35:36.667472 IP 211.144.154.13.389 > x.x.x.x.61703: UDP, length 2395
15:35:36.667551 IP 78.140.59.119.389 > x.x.x.x.4829: UDP, length 2368
15:35:36.667562 IP 197.231.192.44.389 > x.x.x.x.45750: UDP, length 2959
15:35:36.667575 IP 185.104.180.89.389 > x.x.x.x.29749: UDP, length 3009
15:35:36.667600 IP 108.31.185.59.389 > x.x.x.x.27164: UDP, length 2474
15:35:36.667652 IP 76.16.250.71.389 > x.x.x.x.4829: UDP, length 2622
15:35:36.667708 IP 185.3.168.182.389 > x.x.x.x.29749: UDP, length 2816
15:35:36.667798 IP 196.6.233.18.389 > x.x.x.x.45750: UDP, length 2538
15:35:36.667845 IP 91.106.91.12.389 > x.x.x.x.18313: UDP, length 2863
15:35:36.667869 IP 89.218.64.42.389 > x.x.x.x.18313: UDP, length 2799
15:35:36.667909 IP 193.140.41.174.389 > x.x.x.x.45750: UDP, length 3046
15:35:36.667982 IP 76.213.157.105.389 > x.x.x.x.4829: UDP, length 2894
15:35:36.668086 IP 196.30.230.54.389 > x.x.x.x.45750: UDP, length 2706
15:35:36.668188 IP 75.99.131.234.389 > x.x.x.x.4829: UDP, length 2516
15:35:36.668218 IP 196.11.102.164.389 > x.x.x.x.45750: UDP, length 2798
15:35:36.668248 IP 184.69.98.206.389 > x.x.x.x.29749: UDP, length 2857
15:35:36.668267 IP 121.40.104.130.389 > x.x.x.x.27164: UDP, length 2589
15:35:36.668284 IP 109.166.208.171.389 > x.x.x.x.27164: UDP, length 2772
15:35:36.668343 IP 108.74.106.227.389 > x.x.x.x.27164: UDP, length 2904
15:35:36.668383 IP 88.150.147.131.389 > x.x.x.x.18313: UDP, length 2966
15:35:36.668421 IP 88.198.222.112.389 > x.x.x.x.18313: UDP, length 2714
15:35:36.668463 IP 184.106.234.128.389 > x.x.x.x.29749: UDP, length 2631
15:35:36.668468 IP 88.198.90.43.389 > x.x.x.x.18313: UDP, length 1782
15:35:36.668487 IP 194.247.240.50.389 > x.x.x.x.45750: UDP, length 2937
15:35:36.668641 IP 88.84.197.162.389 > x.x.x.x.18313: UDP, length 1785
15:35:36.668835 IP 115.124.66.19.389 > x.x.x.x.27164: UDP, length 2929
15:35:36.668888 IP 119.160.218.42.389 > x.x.x.x.27164: UDP, length 2497
15:35:36.668920 IP 76.104.14.11.389 > x.x.x.x.4829: UDP, length 2566
15:35:36.668944 IP 112.74.167.244.389 > x.x.x.x.27164: UDP, length 2873
15:35:36.669013 IP 116.12.189.33.389 > x.x.x.x.27164: UDP, length 2628
15:35:36.669163 IP 184.106.250.48.389 > x.x.x.x.29749: UDP, length 2600
15:35:36.669215 IP 115.90.181.114.389 > x.x.x.x.27164: UDP, length 2469
15:35:36.669396 IP 196.15.180.8.389 > x.x.x.x.45750: UDP, length 2632
15:35:36.669400 IP 196.15.180.62.389 > x.x.x.x.45750: UDP, length 2684
15:35:36.669417 IP 109.166.153.104.389 > x.x.x.x.27164: UDP, length 2362
15:35:36.669422 IP 197.148.64.80.389 > x.x.x.x.45750: UDP, length 2711
15:35:36.669463 IP 184.106.234.46.389 > x.x.x.x.29749: UDP, length 2747
15:35:36.669535 IP 88.208.119.250.389 > x.x.x.x.18313: UDP, length 3051
15:35:36.669548 IP 88.220.122.52.389 > x.x.x.x.18313: UDP, length 2868
15:35:36.669755 IP 197.81.233.50.389 > x.x.x.x.45750: UDP, length 2472
15:35:36.669766 IP 196.214.87.66.389 > x.x.x.x.45750: UDP, length 2623
15:35:36.669821 IP 88.198.203.195.389 > x.x.x.x.18313: UDP, length 1917
15:35:36.669942 IP 115.178.16.249.389 > x.x.x.x.27164: UDP, length 2996
15:35:36.670003 IP 184.147.198.111.389 > x.x.x.x.29749: UDP, length 2553
15:35:36.670044 IP 75.99.203.190.389 > x.x.x.x.4829: UDP, length 3046
15:35:36.670212 IP 197.249.132.72.389 > x.x.x.x.45750: UDP, length 2449
15:35:36.670286 IP 88.150.188.42.389 > x.x.x.x.18313: UDP, length 2914
15:35:36.670297 IP 184.155.25.26.389 > x.x.x.x.29749: UDP, length 2881
15:35:36.670411 IP 88.82.192.243.389 > x.x.x.x.18313: UDP, length 2501
15:35:36.670414 IP 186.115.11.67.389 > x.x.x.x.4829: UDP, length 2682
15:35:36.670549 IP 75.99.161.82.389 > x.x.x.x.4829: UDP, length 2861
15:35:36.670583 IP 77.120.243.225.389 > x.x.x.x.4829: UDP, length 2508
15:35:36.670657 IP 193.248.203.67.389 > x.x.x.x.45750: UDP, length 2931
15:35:36.670688 IP 75.35.145.219.389 > x.x.x.x.4829: UDP, length 2897
15:35:36.670819 IP 184.149.19.174.389 > x.x.x.x.29749: UDP, length 2579
15:35:36.671004 IP 197.159.49.36.389 > x.x.x.x.45750: UDP, length 2936
15:35:36.671027 IP 79.175.176.14.389 > x.x.x.x.4829: UDP, length 2891
15:35:36.671055 IP 108.29.161.26.389 > x.x.x.x.27164: UDP, length 2561
15:35:36.671075 IP 200.116.120.158.389 > x.x.x.x.45750: UDP, length 2892
15:35:36.671101 IP 196.15.180.2.389 > x.x.x.x.45750: UDP, length 2640
15:35:36.671186 IP 88.159.158.30.389 > x.x.x.x.18313: UDP, length 2574
15:35:36.671228 IP 108.29.99.165.389 > x.x.x.x.27164: UDP, length 2946
15:35:36.671256 IP 88.198.1.28.389 > x.x.x.x.18313: UDP, length 2949

sample packet:

15:37:21.996866 IP (tos 0x0, ttl 117, id 18284, offset 0, flags [+], proto UDP (17), length 1500)
    179.210.166.177.389 > x.x.x.x.45750: UDP, length 2905
	0x0000:  4500 05dc 476c 2000 7511 9265 b3d2 a6b1  E...Gl..u..e....
	0x0010:  2ea6 bd15 0185 b2b6 0b61 9566 3084 0000  .........a.f0...
	0x0020:  0b3d 0201 0764 8400 000b 3404 0030 8400  .=...d....4..0..
	0x0030:  000b 2c30 8400 0000 2604 0b63 7572 7265  ..,0....&..curre
	0x0040:  6e74 5469 6d65 3184 0000 0013 0411 3230  ntTime1.......20
	0x0050:  3137 3037 3035 3135 3337 3232 2e30 5a30  170705153722.0Z0
	0x0060:  8400 0000 5504 1173 7562 7363 6865 6d61  ....U..subschema
	0x0070:  5375 6265 6e74 7279 3184 0000 003c 043a  Subentry1....<.:
	0x0080:  434e 3d41 6767 7265 6761 7465 2c43 4e3d  CN=Aggregate,CN=
	0x0090:  5363 6865 6d61 2c43 4e3d 436f 6e66 6967  Schema,CN=Config
	0x00a0:  7572 6174 696f 6e2c 4443 3d45 434f 5445  uration,DC=ECOTE
	0x00b0:  502c 4443 3d6c 6f63 616c 3084 0000 0086  P,DC=local0.....
	0x00c0:  040d 6473 5365 7276 6963 654e 616d 6531  ..dsServiceName1
	0x00d0:  8400 0000 7104 6f43 4e3d 4e54 4453 2053  ....q.oCN=NTDS.S
	0x00e0:  6574 7469 6e67 732c 434e 3d45 434f 5352  ettings,CN=ECOSR
	0x00f0:  5630 322c 434e 3d53 6572 7665 7273 2c43  V02,CN=Servers,C
	0x0100:  4e3d 4465 6661 756c 742d 4669 7273 742d  N=Default-First-
	0x0110:  5369 7465 2d4e 616d 652c 434e 3d53 6974  Site-Name,CN=Sit
	0x0120:  6573 2c43 4e3d 436f 6e66 6967 7572 6174  es,CN=Configurat
	0x0130:  696f 6e2c 4443 3d45 434f 5445 502c 4443  ion,DC=ECOTEP,DC
	0x0140:  3d6c 6f63 616c 3084 0000 00ca 040e 6e61  =local0.......na
	0x0150:  6d69 6e67 436f 6e74 6578 7473 3184 0000  mingContexts1...
	0x0160:  00b4 0412 4443 3d45 434f 5445 502c 4443  ....DC=ECOTEP,DC
	0x0170:  3d6c 6f63 616c 0423 434e 3d43 6f6e 6669  =local.#CN=Confi
	0x0180:  6775 7261 7469 6f6e 2c44 433d 4543 4f54  guration,DC=ECOT
	0x0190:  4550 2c44 433d 6c6f 6361 6c04 2d43 4e3d  EP,DC=local.-CN=
	0x01a0:  5363 6865 6d61 2c43 4e3d 436f 6e66 6967  Schema,CN=Config
	0x01b0:  7572 6174 696f 6e2c 4443 3d45 434f 5445  uration,DC=ECOTE
	0x01c0:  502c 4443 3d6c 6f63 616c 0424 4443 3d44  P,DC=local.$DC=D
	0x01d0:  6f6d 6169 6e44 6e73 5a6f 6e65 732c 4443  omainDnsZones,DC
	0x01e0:  3d45 434f 5445 502c 4443 3d6c 6f63 616c  =ECOTEP,DC=local
	0x01f0:  0424 4443 3d46 6f72 6573 7444 6e73 5a6f  .$DC=ForestDnsZo
	0x0200:  6e65 732c 4443 3d45 434f 5445 502c 4443  nes,DC=ECOTEP,DC
	0x0210:  3d6c 6f63 616c 3084 0000 0030 0414 6465  =local0....0..de
	0x0220:  6661 756c 744e 616d 696e 6743 6f6e 7465  faultNamingConte
	0x0230:  7874 3184 0000 0014 0412 4443 3d45 434f  xt1.......DC=ECO
	0x0240:  5445 502c 4443 3d6c 6f63 616c 3084 0000  TEP,DC=local0...
	0x0250:  004a 0413 7363 6865 6d61 4e61 6d69 6e67  .J..schemaNaming
	0x0260:  436f 6e74 6578 7431 8400 0000 2f04 2d43  Context1..../.-C
	0x0270:  4e3d 5363 6865 6d61 2c43 4e3d 436f 6e66  N=Schema,CN=Conf
	0x0280:  6967 7572 6174 696f 6e2c 4443 3d45 434f  iguration,DC=ECO
	0x0290:  5445 502c 4443 3d6c 6f63 616c 3084 0000  TEP,DC=local0...
	0x02a0:  0047 041a 636f 6e66 6967 7572 6174 696f  .G..configuratio
	0x02b0:  6e4e 616d 696e 6743 6f6e 7465 7874 3184  nNamingContext1.
	0x02c0:  0000 0025 0423 434e 3d43 6f6e 6669 6775  ...%.#CN=Configu
	0x02d0:  7261 7469 6f6e 2c44 433d 4543 4f54 4550  ration,DC=ECOTEP
	0x02e0:  2c44 433d 6c6f 6361 6c30 8400 0000 3304  ,DC=local0....3.
	0x02f0:  1772 6f6f 7444 6f6d 6169 6e4e 616d 696e  .rootDomainNamin
	0x0300:  6743 6f6e 7465 7874 3184 0000 0014 0412  gContext1.......
	0x0310:  4443 3d45 434f 5445 502c 4443 3d6c 6f63  DC=ECOTEP,DC=loc
	0x0320:  616c 3084 0000 03a9 0410 7375 7070 6f72  al0.......suppor
	0x0330:  7465 6443 6f6e 7472 6f6c 3184 0000 0391  tedControl1.....
	0x0340:  0416 312e 322e 3834 302e 3131 3335 3536  ..1.2.840.113556
	0x0350:  2e31 2e34 2e33 3139 0416 312e 322e 3834  .1.4.319..1.2.84
	0x0360:  302e 3131 3335 3536 2e31 2e34 2e38 3031  0.113556.1.4.801
	0x0370:  0416 312e 322e 3834 302e 3131 3335 3536  ..1.2.840.113556
	0x0380:  2e31 2e34 2e34 3733 0416 312e 322e 3834  .1.4.473..1.2.84
	0x0390:  302e 3131 3335 3536 2e31 2e34 2e35 3238  0.113556.1.4.528
	0x03a0:  0416 312e 322e 3834 302e 3131 3335 3536  ..1.2.840.113556
	0x03b0:  2e31 2e34 2e34 3137 0416 312e 322e 3834  .1.4.417..1.2.84
	0x03c0:  302e 3131 3335 3536 2e31 2e34 2e36 3139  0.113556.1.4.619
	0x03d0:  0416 312e 322e 3834 302e 3131 3335 3536  ..1.2.840.113556
	0x03e0:  2e31 2e34 2e38 3431 0416 312e 322e 3834  .1.4.841..1.2.84
	0x03f0:  302e 3131 3335 3536 2e31 2e34 2e35 3239  0.113556.1.4.529
	0x0400:  0416 312e 322e 3834 302e 3131 3335 3536  ..1.2.840.113556
	0x0410:  2e31 2e34 2e38 3035 0416 312e 322e 3834  .1.4.805..1.2.84
	0x0420:  302e 3131 3335 3536 2e31 2e34 2e35 3231  0.113556.1.4.521
	0x0430:  0416 312e 322e 3834 302e 3131 3335 3536  ..1.2.840.113556
	0x0440:  2e31 2e34 2e39 3730 0417 312e 322e 3834  .1.4.970..1.2.84
	0x0450:  302e 3131 3335 3536 2e31 2e34 2e31 3333  0.113556.1.4.133
	0x0460:  3804 1631 2e32 2e38 3430 2e31 3133 3535  8..1.2.840.11355
	0x0470:  362e 312e 342e 3437 3404 1731 2e32 2e38  6.1.4.474..1.2.8
	0x0480:  3430 2e31 3133 3535 362e 312e 342e 3133  40.113556.1.4.13
	0x0490:  3339 0417 312e 322e 3834 302e 3131 3335  39..1.2.840.1135
	0x04a0:  3536 2e31 2e34 2e31 3334 3004 1731 2e32  56.1.4.1340..1.2
	0x04b0:  2e38 3430 2e31 3133 3535 362e 312e 342e  .840.113556.1.4.
	0x04c0:  3134 3133 0417 322e 3136 2e38 3430 2e31  1413..2.16.840.1
	0x04d0:  2e31 3133 3733 302e 332e 342e 3904 1832  .113730.3.4.9..2
	0x04e0:  2e31 362e 3834 302e 312e 3131 3337 3330  .16.840.1.113730
	0x04f0:  2e33 2e34 2e31 3004 1731 2e32 2e38 3430  .3.4.10..1.2.840
	0x0500:  2e31 3133 3535 362e 312e 342e 3135 3034  .113556.1.4.1504
	0x0510:  0417 312e 322e 3834 302e 3131 3335 3536  ..1.2.840.113556
	0x0520:  2e31 2e34 2e31 3835 3204 1631 2e32 2e38  .1.4.1852..1.2.8
	0x0530:  3430 2e31 3133 3535 362e 312e 342e 3830  40.113556.1.4.80
	0x0540:  3204 1731 2e32 2e38 3430 2e31 3133 3535  2..1.2.840.11355
	0x0550:  362e 312e 342e 3139 3037 0417 312e 322e  6.1.4.1907..1.2.
	0x0560:  3834 302e 3131 3335 3536 2e31 2e34 2e31  840.113556.1.4.1
	0x0570:  3934 3804 1731 2e32 2e38 3430 2e31 3133  948..1.2.840.113
	0x0580:  3535 362e 312e 342e 3139 3734 0417 312e  556.1.4.1974..1.
	0x0590:  322e 3834 302e 3131 3335 3536 2e31 2e34  2.840.113556.1.4
	0x05a0:  2e31 3334 3104 1731 2e32 2e38 3430 2e31  .1341..1.2.840.1
	0x05b0:  3133 3535 362e 312e 342e 3230 3236 0417  13556.1.4.2026..
	0x05c0:  312e 322e 3834 302e 3131 3335 3536 2e31  1.2.840.113556.1
	0x05d0:  2e34 2e32 3036 3404 1731 2e32            .4.2064..1.2

Tags:

 
0

DDoS reflection attacks – udp 1900

Posted by EvolutionCrazy on Aug 12, 2014 in networking

So it happened… today a company I work with received their first ddos attack with source port 1900 udp.

Recorded attack peak was 1301 MBit/s with 530463 packets/s

I didn’t had the time to take a full network traffic dump as the attack cheased shortly, these were three most offending attackers in case someone is looking for additional infos/reasearches/inspections:

77.109.241.234
74.36.12.13
218.65.201.212
Nmap scan report for adsl-77-109-241-234.kymp.net (77.109.241.234) 
Host is up (0.098s latency). 
 
PORT STATE SERVICE 
1900/udp open|filtered upnp 
Too many fingerprints match this host to give specific OS details
Nmap scan report for 74-36-12-13.dr01.aurr.mn.frontiernet.net (74.36.12.13) 
Host is up (0.022s latency). 
 
PORT STATE SERVICE 
1900/udp open|filtered upnp 
 
Aggressive OS guesses: Aerohive HiveAP 320 WAP (HiveOS 3.4) (95%), AirMagnet SmartEdge wireless sensor, or Foxcam FI8904 or Instar IN-3010 surveillance camera (95%), Allnet 2210 webcam, Cisco MDS 9124 or 9216i switch (SAN-OS 3.1 - 3.2), or Nortel IP Phone 1535 (95%), Aruba 3400 or 6000 wireless LAN controller (ArubaOS 3.3.2) (95%), AT&T 3G MicroCell WAP (95%), Avocent AutoView or DSR2020 KVM switch (95%), Avocent DSR1021 KVM switch (95%), AXIS 211A Network Camera (Linux 2.6) (95%), AXIS 211A Network Camera (Linux 2.6.20) (95%), Buffalo TeraStation Pro III NAS device (95%) 
No exact OS matches for host (test conditions non-ideal).
Nmap scan report for 218.65.201.212 
Host is up (0.020s latency). 
 
PORT STATE SERVICE 
1900/udp open|filtered upnp 
 
Aggressive OS guesses: Sphairon Turbolink IAD DSL modem (97%), 3Com OfficeConnect 3CRWER100-75 wireless broadband router (96%), 3Com OfficeConnect 3CRWER100-75 wireless router (96%), Aastra RFP L32 IP DECT WAP (96%), Acorp W400G or W422G wireless ADSL modem (MontaVista embedded Linux 2.4.17) (96%), Actiontec GT701 DSL modem (96%), Aerohive HiveAP 320 WAP (HiveOS 3.4) (96%), AirMagnet SmartEdge wireless sensor, or Foxcam FI8904 or Instar IN-3010 surveillance camera (96%), Alcatel-Lucent OmniPCX Enterprise PBX (Linux 2.4.17) (96%), Sirio by Alice VoIP phone (96%) 
No exact OS matches for host (test conditions non-ideal).

Apparently those are just residential IP addresses running vulnerable routers with UPNP services exposed on the WAN side.

There were tens of thounsands attacking a single IP in total… Single pps rate was very very low (for example 74.36.12.13 was pushing out just 200pps and it was one of the top offenders)

Tags:

 
0

Blocking outgoing wordpress bruteforces

Posted by EvolutionCrazy on Jul 24, 2014 in networking, snippets

Just an emergency fix to deploy while searching for the root cause of outgoing bruteforce hacks

iptables -I OUTPUT -p tcp -m multiport --dports 80 -m tcp -m string --algo bm --string "wp-login.php" -j DROP

Tags:

 
0

Amazon SES postfix relay on centos

Posted by EvolutionCrazy on Apr 15, 2014 in howto

Following at the letter the amazon SES tutorial:
http://docs.aws.amazon.com/ses/latest/DeveloperGuide/postfix.html

but auth is not working and giving errors like

No worthy mechs found
SASL authentication failed; cannot authenticate to server

and so on?

Make sure you have the proper auth libs installed

yum install cyrus-sasl cyrus-sasl-plain cyrus-sasl-md5

Tags: , , ,

 
0

Show all the IP addresses available on a linux server

Posted by EvolutionCrazy on Apr 15, 2014 in bash

This command will show a list of all the IP v4 addresses available on a linux server

ip addr | grep inet | grep -v 127.0.0.1 | grep -v inet6 | awk '{ print $2; }' | awk -F'/' '{ print $1; }'

 
0

NTP reflected ddos list and iptables ruleset

Posted by EvolutionCrazy on Jan 20, 2014 in networking

Just a list if you are looking to build your own botnet out of servers badly managed running unsecure NTP daemon installations that can be exploited to deliver reflected ddos attacks.

iptables filtering ruleset (when not running an ntp daemon)

iptables -t raw -I PREROUTING -p udp --dport 123 -j DROP

870 hosts totalling 2.5gbit/sec, full list follows

Read more…

Tags: ,

 
0

Google cloud SQL – adding a new user with GRANT privilege

Posted by EvolutionCrazy on Nov 2, 2013 in Uncategorized

Google cloud sql does not support the

GRANT ALL PRIVILEGES on * . *

command…

in order to create a new user with (almost) all the privileges access the cloud sql console and run these commands:

CREATE USER 'newuser'@'%' IDENTIFIED BY 'newpassword';
GRANT ALL ON `%`.* TO 'newuser'@'%' IDENTIFIED BY 'newpassword';

Those will create a user named “newuser” with password “newpassword” able to connect from every host and able to create new users while granting them access to other databases

 
0

Convert Prestashop tables from mysisam to innodb using phpmyadmin

Posted by EvolutionCrazy on Sep 23, 2013 in howto, snippets

First run this query replacing databasetoconvert with the database name you want to convert

SELECT CONCAT('ALTER TABLE ', table_name, ' ENGINE=InnoDB;') AS sql_statements 
FROM information_schema.tables AS tb 
WHERE table_schema = 'databasetoconvert' 
AND `ENGINE` = 'MyISAM' 
AND `TABLE_TYPE` = 'BASE TABLE' 
ORDER BY table_name DESC LIMIT 0, 10000 ;

then copy the output and run it again against the database you want to convert

 
0

whmcs {php}base64decode tickets

Posted by EvolutionCrazy on Jan 26, 2013 in snippets

create a .php file with this content:

<?php 
$checkvars = array('subject','message'); 
foreach ($checkvars AS $checkvar){
	if(strpos($_REQUEST[$checkvar],'{php}') !== false){
		header('Location: http://www.interpol.int/');
		die('now'); 
		exit;
	}
}
?>

and place it into whmcs /includes/hooks/ directory

Tags: ,

 
0

Processing mysql dumps in hurry (convert single insert to extended insert)

Posted by EvolutionCrazy on Jan 5, 2013 in howto, snippets

Most time there’s little time, sometime there’s NO TIME!

A few days ago I had no time, and had to manipulate a badly exported database (2million+ single myisam insert statements) tuning mysqld was useless, insert delayed useless, increasing buffers useless… and so on… import was taking hours (many hours) on the target box due to impressively high disk io!

So I just fired up a vmware instance with 32gb of ram, 10gb hdd and 8cpu cores (of a xeon L56xx) and did everything in ram.
What was going to take hours on the target box took just 2minutes on the vmware instance…
Then I did a proper “mysqldump –opt” and imported it back into the target box in just 20seconds 😀

yum upgrade -y
wget -q -O - http://www.atomicorp.com/installers/atomic | sh
mkdir -p /var/lib/mysql && mount -v -t tmpfs -o size=24G none /var/lib/mysql
yum install mysql mysql-server -y
nano -w /etc/my.cnf

tune it up a little, in my case

thread_concurrency=16

was enough 🙂

service mysqld restart
mysql_secure_installation

and you are good to go!

import the bad export and after that export it making use of all the proper settings (extended queries, locking and so on) … –opt handles all of them by default 🙂

So yes… sometime I make use of “the cloud” too :O

PS: I do the same (storage on ramdisk) when I’ve to compile a linux kernel.

Tags: ,

Copyright © 2017 evcz.tk All rights reserved. Theme by Laptop Geek.