Re: Possible DoS attack against Sun Ray Servers?

[Sam Ferrell <ferrell () tns utk edu>]

It doesn't seem to work against sunray software 1.2. I ran a number of
other nmap scans as well. It's a surprise seeing how buggy this software
can be at times. I'm not happy to hear 1.3 has problems 1.2 doesn't! ;)

Sam


On Thu, 6 Dec 2001, Hanspeter Schmid wrote:

> Hello Bugtraqers,
>
> yesterday I tried an nmap scan from one of my servers
> to my SunRay server, with
>
>   nmap -O 10.50.2.4
>
> Immediately, the SunRay Server reacted with
>
> Dec  5 09:21:12 brnray utauthd: [ID 387677 user.info] WatchIO UNEXPECTED:
> utauthd.watchIOEvent: java.net.SocketException: Software caused connection
> abort
> Dec  5 09:21:12 brnray utauthd: [ID 191561 user.info] Worker1 UNEXPECTED:
> CB.taskEvent:read failed : e = java.net.SocketException: Connection reset by
> peer: Connection reset by peer
>
> > From then on, things got worse and worse.  Sessions would
> not restart after a logout, one session got stuck with a
> black screen, and the SunRay admin port 7010, although
> still recognized as open by nmap, would not answer telnet
> anymore.
>
> I soon rebooted because brnray is a productive system.
>
> Does anybody have an idea what's up?  Anybody in for
> trying to reproduce it?  I can't, because I have ten
> engineers working on that server ...
>
> Oh, by the way: It's SunRay Server Software 1.3 on Solaris 8,
> the SunRay subnet has a dedicated ethernet card / switch.
>
> Slainte!
> Hanspi