Date: Fri, 21 Jan 2000 06:21:15 -0500 (EST)
From: Omachonu Ogali <oogali@intranova.net>
To: jamiE rishaw - master e*tard <jamiE@arpa.com>
Cc: Tom <tom@uniserve.com>, Mike Tancsa <mike@sentex.net>, freebsd-security@freebsd.org
Subject: Re: bugtraq posts: stream.c - new FreeBSD exploit?
Message-ID: <Pine.BSF.4.10.10001210620230.10312-100000@hydrant.intranova.net>
In-Reply-To: <20000120130945.B24082@x.arpa.com>

Could you give us a snippet of the syslog output from the FreeBSD machine?

P.S. Stop replying to 3 different lists, it's starting to get annoying.

Omachonu Ogali
Intranova Networking Group

On Thu, 20 Jan 2000, jamiE rishaw - master e*tard wrote:

> I have a copy of this, which I am not giving out. I will probably
> fire one off to jkh for sanity, but this looks like a really tough one
> to handle.
>
> The program basically fires off *loads* of pkts/sec of ACK at the victim
> host.. random source, blah blah.
>
> The problem is, the kernel already (from my understanding) drops bad ACKs
> pretty quickly. The thing is, tho, that it's kernel bound.. which means
> CPU.. so unless you have tons of extra CPU to spare, this attack will
> take your system to a "pause" until the attacker ceases.
>
> The only way to trace this attack is same as a SYN or smurf attack: to
> reverse flow "trace", which requires experienced backbone engineers and
> cooperation of sometimes multiple providers.
>
> I dunno. We'll see.
>
> -jamie
>
> On Thu, Jan 20, 2000 at 12:34:45PM -0800, Tom wrote:
> >
> > On Thu, 20 Jan 2000, Mike Tancsa wrote:
> >
> > > Can anyone confirm the bugtraq posting ? Are the freebsd folks working on
> > > a fix ? If so, what versions are affected ?
> > >
> > > ---Mike
> > >
> > > >The only log that he could provide was this one:
> > > >
> > > >---snip---
> > > >
> > > >syslog:Jan 18 12:30:36 x kernel: Kernel panic: Free list empty
> > > >
> > > >---snip---
> > > >
> > > >One thing of note: he also stated this happened on non-freebsd systems,
> > > >which is contrary to what the other person said, who was "under the
> > > >impression it was freebsd specific."
> > > >
> > > >I have the source, which I'm not going to post for 2-3 days (give time for
> > > >fbsd to work on the fix). If it isn't out before the 21st, I'll post it up.
> > > >
> >   Uhh.. there isn't enough information here to determine anything.
> >
> >
> > > ------------------------------------------------------------------------
> > > Mike Tancsa, tel +1 519 651 3400
> > > Network Administrator, mike@sentex.net
> > > Sentex Communications www.sentex.net
> > > Cambridge, Ontario Canada
> >
> >
> > Tom
> > Uniserve
> >
> >
> >
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-security" in the body of the message
>
> --
> i am jamie at arpa dot com this is a no plur zone.
>
> "silly raver, k is for cats!"