(local?) linux DoS using nmap

["cami" <cami () dockside co za>]

Good day..

I appologize if this is old but seems still to be
working/active on my own server. (slackware 4.0.0).
I would be interested to know which other distro's
this works against.

Tested against:
  slackware 4.0.0
  debian 2.1
  Redhat 6.0

I became aware of this when local users begun
to launch DoS attacks.


kernel:~$ nmap 127.[0-255].[0-255].[0-255] -p 21 -sT

Starting nmap V. 2.12 by Fyodor (fyodor () dhp com, www.insecure.org/nmap/)
Interesting ports on localhost (127.0.0.1):
Port    State       Protocol  Service
21      open        tcp        ftp

Interesting ports on  (127.0.0.2):
Port    State       Protocol  Service
21      open        tcp        ftp

<snip>

and it keeps going untill the +/-280th packet..

<snip>
Interesting ports on  (127.0.1.32):
Port    State       Protocol  Service
21      open        tcp        ftp

No ports open for host  (127.0.1.33)
No ports open for host  (127.0.1.34)
No ports open for host  (127.0.1.35)

etc.. etc..
<snip>

I havent tested it on remote machines,
but this looks like a tcp/syn flood?

Anyhow, local users can shutdown any
local daemon running on any port.
(apache was the only service
 that remaining running.)

The rest of the other services became
unusable/(dead?).

Any ideas how one could prevent this?
Sorry again if this is old.

Regards
 hotmetal of (src)
 hotmetal () hack co za

(      www.hack.co.za        )
(e x p l o i t    m a t r i x)
(world domination in progress)