Date:      Fri, 20 Aug 2004 22:16:03 GMT
From:      Jeff Harper <jeff@acmeshells.com>
To:        freebsd-gnats-submit@FreeBSD.org
Subject:   i386/70747: ddos attack causes box to crash on kernel 5.2.1
Message-ID:  <200408202216.i7KMG30p065887@www.freebsd.org>
Resent-Message-ID: <200408202220.i7KMKGDq079577@freefall.freebsd.org>


>Number:         70747
>Category:       i386
>Synopsis:       ddos attack causes box to crash on kernel 5.2.1
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    freebsd-i386
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Aug 20 22:20:16 GMT 2004
>Closed-Date:
>Last-Modified:
>Originator:     Jeff Harper
>Release:        5.2.1
>Organization:
AcmeShells
>Environment:
FreeBSD monarch.acmeshells.com 5.2.1-RELEASE FreeBSD 5.2.1-RELEASE #2: Fri Aug 20 12:41:46 MST 2004     jeff@monarch.acmeshells.com:/usr/src/sys/i386/compile/MONARCH  i386
>Description:
      When someone issues an attack against the machine, the machine ends up crashing; only rebooting will bring it back to life.

Logs of attack:

15:51:48.648519 66.235.193.71.2940 > 69.28.170.151.53:  12337 op6$ [b2&3=0x3233] [13879a] [13365q] [14393n] [16706au][|domain]
15:51:48.648525 66.235.193.71.2940 > 69.28.170.151.53:  12337 op6$ [b2&3=0x3233] [13879a] [13365q] [14393n] [16706au][|domain]
15:51:48.648533 66.235.193.71.2940 > 69.28.170.151.53:  12337 op6$ [b2&3=0x3233] [13879a] [13365q] [14393n] [16706au][|domain]



They send about 200,000 of these to port 53 and bam, the box crashes. This is a plain install with ipfw enabled; ipfw has port 53 blocked on that IP and it still does not help.
>How-To-Repeat:
      Someone would have to attack the IP using whatever method they are using.
>Fix:
      
>Release-Note:
>Audit-Trail:
>Unformatted:
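
Added example, not part of the original report: the fields tcpdump printed in the log lines above can be packed back into the 12 DNS header bytes they were parsed from, which shows what the datagrams actually carried. The function names are hypothetical, and the defaults used for counts that tcpdump does not print are an assumption.

```python
import re
import struct

# Line copied from the tcpdump output in the report above.
SAMPLE = ("15:51:48.648519 66.235.193.71.2940 > 69.28.170.151.53:  12337 op6$ "
          "[b2&3=0x3233] [13879a] [13365q] [14393n] [16706au][|domain]")

# Transaction id, then the raw flags word tcpdump prints when it looks odd.
LINE_RE = re.compile(r":\s+(?P<id>\d+)\s+\S*\s*\[b2&3=0x(?P<flags>[0-9a-fA-F]+)\]")
# Section counts: q = questions, a = answers, n = authority, au = additional.
COUNT_RE = re.compile(r"\[(\d+)(au|a|q|n)\]")


def dns_header_bytes(line):
    """Rebuild the 12-byte DNS header that tcpdump summarised on one line."""
    m = LINE_RE.search(line)
    if m is None:
        raise ValueError("no DNS summary with a [b2&3=...] field on this line")
    # Assumption: a count that is not printed has its usual query value.
    counts = {"q": 1, "a": 0, "n": 0, "au": 0}
    for value, kind in COUNT_RE.findall(line):
        counts[kind] = int(value)
    # Wire order: id, flags, qdcount, ancount, nscount, arcount (big-endian).
    return struct.pack("!6H", int(m.group("id")), int(m.group("flags"), 16),
                       counts["q"], counts["a"], counts["n"], counts["au"])


def analyse(line):
    """Return the header, its opcode, and whether it is plain ASCII text."""
    header = dns_header_bytes(line)
    flags = struct.unpack("!H", header[2:4])[0]
    return {
        "header": header,
        "opcode": (flags >> 11) & 0xF,
        # A normal query header contains zero bytes (flags and empty counts),
        # so an all-printable header means the payload is text, not DNS.
        "ascii_filler": all(0x20 <= b <= 0x7E for b in header),
    }


if __name__ == "__main__":
    print(analyse(SAMPLE))
```

For the line in this report the header bytes are the ASCII text `0123456789AB` with opcode 6, which is consistent with patterned filler sent to port 53 rather than a well-formed DNS query.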


