Vulnerability Development mailing list archives
Re: leaky kernel ? ;)
From: secure () SECUREAUSTIN COM (H D Moore)
Date: Wed, 29 Dec 1999 22:08:21 -0600
Heh, thats actually kind of cool. Anyways, could it be possible that your net traffic is being diverted to the syslog/udp port? Maybe someone is spraying your syslog port for kicks? Is syslogd running with remote reception? Any strange kernel modules? mIV wrote:
OK, there's RH 6.1 on 2.2.13. Let's take a look at /var/log/messages: Dec 2 13:28:48 pentium kernel: age.... Dec 2 13:28:55 pentium kernel: 65 lated me Dec 2 13:28:58 pentium kernel: 6C original Dec 2 13:28:58 pentium kernel: ine as Dec 2 13:29:07 pentium kernel: age.... Dec 2 13:29:14 pentium kernel: ge....- Dec 11 14:21:46 pentium kernel: 20 ...This Dec 11 14:22:49 pentium kernel: 3em te=B Dec 11 14:22:53 pentium kernel: 4B , ze ACK and so on ... Do you know where are these strings from ? I'll tell ya. It's all from my mail fetched by fetchmail (via PPP). OK, these were strings but we have also sth like this: Dec 13 22:24:38 pentium kernel: 40 21 4C BB F4 6F 5F DD @!L..o_. Dec 13 22:24:39 pentium kernel: C4 41 74 3F BD 54 47 B9 .At?.TG. These in turn look like some kind of binary dump. Apparently not only mail fragments land in my logs. It seems that entire net traffic is affected. There's no need for sniffer in this case ;) That's not good when some net packets are dumped to system logs, is it ? Is it a bug ? If so, is it known to kernel developers ? greetz, ______________________________________________________ mIV email:marcel () linux com pl, m () sh pl "When freedom is outlawed, only outlaws will be free." ------------------------------------------------------
Current thread:
- Re: BSD chfn bug FARAZ JAMSHED (Dec 28)
- Re: BSD chfn bug Warner Losh (Dec 28)
- Re: BSD chfn bug (aka ssh quirks/killing thread) Blue Boar (Dec 28)
- leaky kernel ? ;) mIV (Dec 29)
- Re: leaky kernel ? ;) H D Moore (Dec 29)
- Re: leaky kernel ? ;) Wakko Ellington Warner-Warner III (Dec 30)
- Re: leaky kernel ? ;) Andrei D. Caraman (Dec 30)