Hi folks,
We've got a couple of UTM firewalls running for several customers and we've noticed that some of those are running constantly at 100% CPU load.
These UTM firewalls all have different versions running, somewhere between 9.5 and 9.7. And after checking the running processes we've noticed the culprit seems to be the process called 'xmrig'. I'm not familiar with this process, but if you do a simple search on Google, you'll get all kinds of crypto miner hits, suggesting this process is being used/abused to mine cryptos.
When we deployed a fresh UTM firewall, we noticed this process is available/running from the start. So I'm guessing this process has been around on the UTM firewalls for some time. Does the UTM even use this process itself, or is it just part of the Linux distro?
Anybody else encountered this behaviour before? Is it safe to assume these firewalls have been compromised, or are we way off base?
Cheers,
Frank
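The triage step described in the post (listing processes and spotting the one pinning the CPU) can be scripted so it is repeatable across many firewalls. The following is an added example, not code from Frank's post or from Sophos: it reads a `ps -eo pid,pcpu,user,comm` style listing (assumed to be available on the appliance; the column order and the process listing below are constructed for illustration) and flags any process whose command name matches a known miner name, or whose CPU usage is at or above a threshold.

```shell
#!/bin/sh
# Added example (not from the original thread): triage a process listing for
# a cryptominer-style process such as 'xmrig' that is pinning the CPU.
# Assumed input format: the output of `ps -eo pid,pcpu,user,comm`, header line first.

# Constructed sample listing standing in for real `ps` output on a firewall.
SAMPLE_PS='  PID %CPU USER     COMMAND
    1  0.0 root     init
  842  0.3 root     sshd
 1337 99.6 nobody   xmrig
 2201  1.2 root     httpd
 3410  0.0 root     cron'

# Command names that are well-known miner binaries (assumed watchlist; extend as needed).
MINER_NAMES='xmrig|minerd|cpuminer'

# flag_miner_processes: read a listing on stdin and print
#   "<pid> <user> <comm> <cpu> <reason>"
# for every process that either matches MINER_NAMES or uses >= $1 percent CPU
# ($1 defaults to 90). The header line (NR == 1) is skipped.
flag_miner_processes() {
    threshold="${1:-90}"
    awk -v thr="$threshold" -v names="$MINER_NAMES" 'NR > 1 {
        pid = $1; cpu = $2; user = $3; comm = $4
        reason = ""
        if (comm ~ names)            reason = "known-miner-name"
        else if (cpu + 0 >= thr + 0) reason = "high-cpu"
        if (reason != "") print pid, user, comm, cpu, reason
    }'
}

# count_flagged: number of flagged processes in the listing on stdin,
# handy as an exit-status source when run from a monitoring job.
count_flagged() {
    flag_miner_processes "$1" | wc -l | tr -d ' '
}

# Live use on the appliance itself would be:
#   ps -eo pid,pcpu,user,comm | flag_miner_processes 90
# Demo run over the constructed sample:
if [ "${1:-}" = "--demo" ]; then
    printf '%s\n' "$SAMPLE_PS" | flag_miner_processes 90
fi
```

A name match is reported ahead of the CPU check so that a miner throttled below the threshold is still surfaced; a legitimate process that trips only the CPU rule shows up as `high-cpu` and can be reviewed separately. Because the check runs against a plain process listing, the same script can be fed saved `ps` output collected from each firewall before deciding whether the box needs to be treated as compromised.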