Security Incidents mailing list archives
Which DoS ? [Updated]
From: InouK () IGT NET (Eric LeBlanc)
Date: Fri, 16 Jun 2000 02:10:35 -0400
Hello, thanks for reponses! but I have ONE reponse explain all: ------ From: "Lee Monamy" <lee.monamy () home com> I think this may be the superforker DoS attack from www.rootshell.com Lee (thanks Lee!) ----- cracked (customer in IGT.NET (yes, it's a compagny)), use superforker for crash this server. this account is obsoulivy revoked. It's not a hack, or rooted. I tested superforker.c on my test machine, and I have same things in /tmp. My box (test machine) crash many times hehe. but... I have one question: What the workaround for that? I have one workaround: quota in /tmp, but superforker use the CPU and RAM 100%... result: overloading ressources, and crash. Any solutions? Thanks! Rick
On Thu, 15 Jun 2000, Eric LeBlanc wrote:Hello, Sorry for my poor english... When I type: lynx http://www.mysite.net, and I have: /tmp//NkQbSU: Too many links hmm, I to go in /tmp, and I type: "ls". My command "ls" is crashed... no succes with ls -l. Well.. I type: du and I have: 1 ./irWyjKifh 1 ./ApbZAlifh 1 ./rhtLAlifh 1 ./egtLAlifh 1 ./dvwSAlifh 1 ./aQaSAlifh 1 ./MvkMAlifh 1 ./aNtdPlifh 1 ./RNtdPlifh 1 ./BQQtZLifh 1 ./rjgtZLifh 1 ./OjgtZLifh 1 ./FQwQZLifh 1 ./BhGQZLifh 1 ./bYcQZLifh and more and more and more crap, I hit ctrl-c... I tarred (tar -c) /tmp, and I hit ctrl-c again, because is too big (over 180M) well.. I choose one: toutatis (root):/tmp/> cd bYcQZLifh toutatis (root):/tmp/bYcQZLifh/> ls -al total 5553 d--------- 2 cracked cracked 1024 Jun 10 01:59 . drwxrwxrwt 32000 root root 5661696 Jun 14 23:58 .. toutatis (root):/tmp/bYcQZLifh/> (same thing for others crap's) What is DoS used for that (name, fonction, workaround, etc) ? Thanks. Rick -- Eric LeBlanc inouk () igt net ------
Current thread:
- Which DoS ? [Updated] Eric LeBlanc (Jun 15)
- Re: Which DoS ? [Updated] Patrick Oonk (Jun 16)
- Re: Which DoS ? [Updated] Pluto (Jun 20)
- Re: Which DoS ? [Updated] Ian Eure (Jun 21)
- Netbus portscan ( port 12345) lmonin () METACONCEPT COM (Jun 21)
- Re: Netbus portscan ( port 12345) James T. Perry (Jun 22)
- scanned - strange! Sir Scriptzalot (Jun 21)
- (forw) Jennifer Granick Audio Interview now online Elias Levy (Jun 21)
- Connections to port 635 ?? Gunther Stammwitz (Jun 21)
- Connections to port 635 ?? Klaus Moeller (Jun 23)
- Re: Connections to port 635 ?? Bill (Jun 23)
(Thread continues...)