Date: Fri, 21 Jan 2000 12:30:24 +0000 (GMT) From: Intranova Networking Group <oogali@intranova.net> To: Jeroen Ruigrok/Asmodai <asmodai@wxs.nl> Cc: jamiE rishaw - master e*tard <jamiE@arpa.com>, Tom <tom@uniserve.com>, Mike Tancsa <mike@sentex.net>, freebsd-security@freebsd.org Subject: Re: bugtraq posts: stream.c - new FreeBSD exploit? Message-ID: <Pine.BSF.4.10.10001211226510.48361-100000@blacklisted.intranova.net> In-Reply-To: <20000121133216.D6965@daemon.ninth-circle.org>
next in thread | previous in thread | raw e-mail | index | archive | help
This is bad, I started working on it around 7am, did a little program that flooded another machine at home in 50ms intervals with a spoofed TCP/IP packet, and the FreeBSD machine gave no indication of trouble, load averages jumped a little from 0.00 to 0.22, then it rebooted, then this morning my machine at work was hit and it rebooted, after rebooting, syslog was cluttered with ICMP bandwidth limiting messages. But for one thing I ran three instances of my program simultaneously, so maybe that could help someone... I really have no idea on what to say now... Omachonu Ogali Intranova Networking Group On Fri, 21 Jan 2000, Jeroen Ruigrok/Asmodai wrote: > -On [20000121 13:21], Omachonu Ogali (oogali@intranova.net) wrote: > >Could you give us a snippet of the syslog output from the FreeBSD machine? > > I tested it on two CURRENT boxes. > > No panics, no crash, nothing in the syslog, just weird packets over the > wire. I could still type through my ssh connections, use top. Albeit a > bit more slowly. > > Could be that the 10 MB segment (connecting the machines in that segment > with a hub) could saturated too much. > > Also, when running stream I got these from the program: > > jess: No buffer space available > jess: No buffer space available > jess: No buffer space available > jess: No buffer space available > > Which seems that there's some throttling going on due to no buffers > being free. > > Also netstat -m on both boxes isn't scary to behold and the nbmclusters > are in the range of 1500. > > Just some observations, > > -- > Jeroen Ruigrok vd W/Asmodai asmodai@[wxs.nl|bart.nl|freebsd.org] > Documentation nutter/B-rated Coder BSD: Technical excellence at its best > The BSD Programmer's Documentation Project <http://home.wxs.nl/~asmodai>; > Ain't gonna spend the rest of my Life, quietly fading away... > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.10.10001211226510.48361-100000>