Security Incidents mailing list archives

Which DoS ? [Updated]

From: InouK () IGT NET (Eric LeBlanc)
Date: Fri, 16 Jun 2000 02:10:35 -0400


Hello,

thanks for reponses! but I have ONE reponse explain all:

------
From: "Lee Monamy" <lee.monamy () home com>

I think this may be the superforker DoS attack from www.rootshell.com

Lee

(thanks Lee!)
-----

cracked (customer in IGT.NET (yes, it's a compagny)), use superforker
for crash this server. this account is obsoulivy revoked. It's not a hack,
or rooted.

I tested superforker.c on my test machine, and I have same things in
/tmp.  My box (test machine) crash many times hehe.

but... I have one question: What the workaround for that?

I have one workaround: quota in /tmp, but superforker use the CPU and RAM
100%... result: overloading ressources, and crash.

Any solutions?

Thanks!

Rick

On Thu, 15 Jun 2000, Eric LeBlanc wrote:

Hello,

Sorry for my poor english...

When I type: lynx http://www.mysite.net, and I have:

/tmp//NkQbSU: Too many links


hmm, I to go in /tmp, and I type: "ls".  My command "ls" is crashed... no
succes with ls -l.  Well.. I type: du

and I have:

1       ./irWyjKifh
1       ./ApbZAlifh
1       ./rhtLAlifh
1       ./egtLAlifh
1       ./dvwSAlifh
1       ./aQaSAlifh
1       ./MvkMAlifh
1       ./aNtdPlifh
1       ./RNtdPlifh
1       ./BQQtZLifh
1       ./rjgtZLifh
1       ./OjgtZLifh
1       ./FQwQZLifh
1       ./BhGQZLifh
1       ./bYcQZLifh



and more and more and more crap, I hit ctrl-c... I tarred (tar -c) /tmp,
and I hit ctrl-c again, because is too big (over 180M)

well.. I choose one:

toutatis (root):/tmp/> cd bYcQZLifh
toutatis (root):/tmp/bYcQZLifh/> ls -al
total 5553
d---------    2 cracked  cracked      1024 Jun 10 01:59 .
drwxrwxrwt  32000 root     root      5661696 Jun 14 23:58 ..
toutatis (root):/tmp/bYcQZLifh/>

(same thing for others crap's)

What is DoS used for that (name, fonction, workaround, etc) ?

Thanks.

Rick


--
Eric LeBlanc
inouk () igt net
------

Current thread:

Which DoS ? [Updated] Eric LeBlanc (Jun 15)
- Re: Which DoS ? [Updated] Patrick Oonk (Jun 16)
- Re: Which DoS ? [Updated] Pluto (Jun 20)
  - Re: Which DoS ? [Updated] Ian Eure (Jun 21)
- Netbus portscan ( port 12345) lmonin () METACONCEPT COM (Jun 21)
  - Re: Netbus portscan ( port 12345) James T. Perry (Jun 22)
- scanned - strange! Sir Scriptzalot (Jun 21)
- (forw) Jennifer Granick Audio Interview now online Elias Levy (Jun 21)
- Connections to port 635 ?? Gunther Stammwitz (Jun 21)
  - Connections to port 635 ?? Klaus Moeller (Jun 23)
  - Re: Connections to port 635 ?? Bill (Jun 23)

(Thread continues...)