Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

re: WWW Servers Bandwidth flood on Internet

From: rikardur () rhi hi is (Rikhardur Egilsson)
Date: Wed, 18 Jan 1995 11:46:02 +0000 (GMT)

--- Forwarded mail from Ed Goldgehn <edg () OCN Com>
[deleted]


It appears that Linux(tm) also has this bug.

The following is from /usr/adm/messages :

Dec 28 11:53:04 cray wu.ftpd[2730]: connect from some.slip.user.is
Dec 28 11:53:04 cray ftpd[2730]: USER anonymous
Dec 28 11:53:05 cray ftpd[2730]: PASS thor () some slip user is
Dec 28 11:53:06 cray ftpd[2730]: SYST
Dec 28 11:53:06 cray ftpd[2730]: PASV  <==Badly configured client!!!
Dec 28 11:53:06 cray ftpd[2730]: FTP session closed


And the output of 'netstat' some 72 hours later :

Active Internet connections
Proto Recv-Q Send-Q Local Address        Foreign Address         (State) User
tcp        1      1 cray.rhi.hi.is:2044  some.slip.user.is:1051  CLOSE   root



There actually were 7 'pairs' of this kind from this host, and 2 from another
host.

'cray' continued to send packets on a 15 seconds interval and helt open the
clients dial-on-demand router.

'cray' actually is a 386-16MHz. :)

_________________________________________________________________
| Rikhardur Egilsson    | I come from the land of Ice and snow  | 
| rikardur () rhi hi is    | with the midnight sun and where the   |
| TF3RET                |          hot streams flow.            |
-----------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: