Bugtraq mailing list archives
Re: BoS: Urgent !! Serious Linux Security Bug....
From: tgpt () pas rochester edu (Tom Guptill)
Date: Tue, 22 Oct 1996 12:16:41 -0400
I just wanted to note that some of the diagnoses people are using to track this problem might be a bit shaky. For example, if you're not doing your diagnosis on the console or on a serial terminal, the machine might appear to be "hung" during the test when in fact you've simply blocked it from receiving network traffic. (Not that this isn't a problem, mind you.) For example: ping -f -s 64000 sunos4machine from my Linux box rapidly overflows the buffer on my Sun4/110 running 4.1.3_U1. The machine recovers, but it's "dead to the network" for the duration of the attack and for a few moments afterward. This is *not* the same problem as the machine halting entirely or rebooting when it is being attacked: if I'm on the console of the machine, it is still responsive, and while flood pinging is still a denial of service attack its consequences are far less serious (an interruption in remote access as opposed to a system crash possibly resulting in loss of data). Where possible, it might be handy to clarify whether the machine suffers an OS-level "hang" (where it doesn't come back) or a network-level "hang" (where the machine is still up and running but it isn't talking to the network while the attack is going on.) As a side note, a system that I used to administer in a previous job is running a localized version of Linux 1.2.3 has a strange immunity to many kinds of network attacks: it's a 386SX16 with a ton of stuff added on (multiple disk controllers, etc.) and very little RAM. Whenever it gets large bursts of network traffic, it starts missing interrupts and essentially ignoring the network entirely. The more heavily loaded the machine is, the more quickly this happens. Not the most elegant defense in the world, but an effective one. :) -- Tom Guptill tgpt () pas rochester edu UNIX SA 104 B&L RC Department of Physics and Astronomy, University of Rochester
Current thread:
- Re: BoS: Urgent !! Serious Linux Security Bug...., (continued)
- Re: BoS: Urgent !! Serious Linux Security Bug.... kewl aid smile (Oct 21)
- Re: BoS: Urgent !! Serious Linux Security Bug.... Jon Lewis (Oct 21)
- Re: BoS: Urgent !! Serious Linux Security Bug.... Alan Cox (Oct 22)
- Re: BoS: Urgent !! Serious Linux Security Bug.... Eli Burke (Oct 20)
- Re: BoS: Urgent !! Serious Linux Security Bug.... Jared Mauch (Oct 20)
- Re: BoS: Urgent !! Serious Linux Security Bug.... Oliver Xymoron (Oct 21)
- Ping problem patch page Mike Bremford (Oct 21)
- Re: BoS: Urgent !! Serious Linux Security Bug.... Henrik P Johnson (Oct 21)
- Re: BoS: Urgent !! Serious Linux Security Bug.... Jared Mauch (Oct 20)
- Re: BoS: Urgent !! Serious Linux Security Bug.... Timothy Brown (Oct 21)
- Re: BoS: Urgent !! Serious Linux Security Bug.... Tazman (Oct 22)
- Re: BoS: Urgent !! Serious Linux Security Bug.... Tom Guptill (Oct 22)
- Re: BoS: Urgent !! Serious Linux Security Bug.... David O'Brien (Oct 25)
- Re: BoS: Urgent !! Serious Linux Security Bug.... Alan Cox (Oct 25)
- Re[2]: BoS: Urgent !! Serious Linux Security Bug.... Mike Bremford (Oct 25)
- Linux & BSD's lpr exploit Vadim Kolontsov (Oct 25)
- Re: Linux & BSD's lpr exploit David Holland (Oct 25)
- Re: Linux & BSD's lpr exploit UDNet Security (Oct 25)
- Re: Linux & BSD's lpr exploit Capitan (Oct 30)
- Re: BoS: Urgent !! Serious Linux Security Bug.... David O'Brien (Oct 25)
- Re: BoS: Urgent !! Serious Linux Security Bug.... kewl aid smile (Oct 21)