Back-to-Back Syncs Failing

greenbone-scapdata-sync
Greenbone community feed server - feed.community.greenbone . net/
This service is hosted by Greenbone Networks - www.greenbone . net/

All transactions are logged.

If you have any questions, please use the Greenbone community portal.
See community.greenbone . net for details.

By using this service you agree to our terms and conditions.

Only one sync per time, otherwise the source ip will be temporarily blocked.

receiving incremental file list
timestamp
13 100% 12.70kB/s 0:00:00 (xfr#1, to-chk=0/1)

sent 43 bytes received 114 bytes 44.86 bytes/sec
total size is 13 speedup is 0.08
rsync: failed to connect to feed.openvas . org (89.146.224.58): Connection refused (111)
rsync: failed to connect to feed.openvas . org (2a01:130:2000:127::d1): Cannot assign requested address (99)
rsync error: error in socket IO (code 10) at clientserver.c(127) [Receiver=3.1.3

This happens after I successfully run a greenbone-certdata-sync or greenbone-nvt-sync.

It seems, if I wait long enough, 3-5min, then the sync will work.

In regard to:

Only one sync per time, otherwise the source ip will be temporarily blocked.

How long is time in this context?

As long as your TCP state is not FIN or FIN/ACK.

1 Like

Ok, I can be more explicit in my question.

rsync: failed to connect to feed.openvas . org (89.146.224.58): Connection refused (111)
rsync: failed to connect to feed.openvas . org (2a01:130:2000:127::d1): Cannot assign requested address (99)

Is this error a result of this “blocking” mechanism on your community feed servers?

If so, how long is the “block” for?

Why am I seeing this error if I am only making requests “as long as my previous sync’s TCP state is FIN or FIN/ACK”?

How do I avoid seeing this error when trying to successively update each of the feeds?

Remove any NAT or firewall device between you and the internet. Such systems tend to keep sessions open, even if they are disconnected at the client.

Here are our rules:

REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:873 flags:0x17/0x02 #conn src/32 > 1 reject-with tcp-reset
ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:873 flags:0x17/0x02

That is all, we don't have any timer or other limitations.

3 Likes

Sounds good.

Thanks for the info.
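
Added example, not part of the thread and not Greenbone's own code: a wrapper that runs the feed syncs strictly one at a time from a host and retries with a growing pause when a sync is rejected, which fits the per-source connection limit on port 873 shown in the rules above. It assumes each sync script exits non-zero when its rsync call fails; the lock path, attempt count and delays are hypothetical defaults.

```shell
#!/bin/sh
# Added example: serialise feed syncs from one host and retry rejected ones.
# Assumption: each sync script exits non-zero when its rsync call fails.

# Hypothetical defaults; override via the environment.
FEED_SYNCS=${FEED_SYNCS:-"greenbone-nvt-sync greenbone-scapdata-sync greenbone-certdata-sync"}
SYNC_ATTEMPTS=${SYNC_ATTEMPTS:-5}
SYNC_DELAY=${SYNC_DELAY:-30}
SYNC_LOCK=${SYNC_LOCK:-/tmp/feed-sync.lock}

# retry_sync MAX DELAY CMD [ARGS...]: run CMD until it succeeds or MAX attempts
# are used, sleeping DELAY seconds (doubled each time) between attempts so a
# half-closed session on a NAT or firewall has time to expire.
retry_sync() {
    rs_max=$1; rs_delay=$2; shift 2
    rs_try=1
    while :; do
        rs_status=0
        "$@" || rs_status=$?
        [ "$rs_status" -eq 0 ] && return 0
        [ "$rs_try" -ge "$rs_max" ] && return "$rs_status"
        echo "$1 failed (exit $rs_status), retry in ${rs_delay}s" >&2
        sleep "$rs_delay"
        rs_delay=$((rs_delay * 2))
        rs_try=$((rs_try + 1))
    done
}

# with_lock DIR CMD [ARGS...]: mkdir is atomic, so only one caller proceeds;
# a second caller returns 75 instead of opening a parallel connection.
with_lock() {
    wl_dir=$1; shift
    mkdir "$wl_dir" 2>/dev/null || return 75
    wl_status=0
    "$@" || wl_status=$?
    rmdir "$wl_dir"
    return "$wl_status"
}

# sync_feeds: run every feed sync in turn, stopping at the first that gives up.
sync_feeds() {
    for sf_cmd in $FEED_SYNCS; do
        retry_sync "$SYNC_ATTEMPTS" "$SYNC_DELAY" "$sf_cmd" || return $?
    done
}

# Run only when asked to, e.g. "sh feed-sync.sh run" from cron.
if [ "${1:-}" = "run" ]; then
    with_lock "$SYNC_LOCK" sync_feeds
fi
```

If several machines behind the same NAT address sync the feed, the lock only serialises one of them; the server counts connections per source address.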