Nmap Announce mailing list archives
Re: (local?) linux DoS using nmap
From: "cami" <cami () dockside co za>
Date: Thu, 3 Jun 1999 17:16:48 +0200
What kernel version are you running, and do you have SYN Cookies enabled
2.2.5
only ftp is affected;
Sadly i'd have to say you are incorrect. To spice up the attack.. try something like this.. kernel:~$ nmap 127.0.[0-255].[0-255] -sT And what do u get? all services go bye-bye.
I assume it will recover after some time.
Unfortuately, wrong again. I sat waiting for my services to come around with no luck.
so now we have not only disabled ssh. it got to scanning 127.0.5.* the load went right down to 10. and ssh was running again.
Very true, sshd seems to struggle but does indeed come back up (although with much difficulty.) I've managed to code a little tool that "locks" up sshd remotely rendering it useless. (along with basically any other daemon running on a linux machine) btw.. just out of interests sake, i'm running Slackware 4.0.0 with syn cookies enabled on a pII 350 and 128m ram. Please also take note i've tested this against every version of linux i can get my hands on and it _does_ work on all distributions. Anyone run this against any FreeBSD machines etc..? Regards hotmetal of (src) hotmetal () hack co za ( www.hack.co.za ) (e x p l o i t m a t r i x) (world domination in progress)
Current thread:
- (local?) linux DoS using nmap cami (Jun 02)
- Re: (local?) linux DoS using nmap Mr. Man (Jun 02)
- Re: (local?) linux DoS using nmap Vidyut Luther (Jun 03)
- <Possible follow-ups>
- Re: (local?) linux DoS using nmap cami (Jun 03)
- Re: (local?) linux DoS using nmap Lamont Granquist (Jun 03)
- Re: (local?) linux DoS using nmap Ken Williams (Jun 05)
- Re: (local?) linux DoS using nmap moses (Jun 06)
- Re: (local?) linux DoS using nmap Mr. Man (Jun 02)