Re: [LINUX:7673] nuke

New Message	Reply	About this list	Date view	Thread view	Subject view	Author view

Subject: Re: [LINUX:7673] nuke
From: bourne (bourne@holyfire.com)
Date: Wed 21 Jul 1999 - 08:38:05 EET DST

Next message: Serdar Gurcan: "Re: [LINUX:7683] Re: nuke"
Previous message: Mustafa Akgul: "Re: [LINUX:7681] Re: ftp server"
In reply to: Serdar Gurcan: "nuke"
Next in thread: Serdar Gurcan: "Re: [LINUX:7683] Re: nuke"

Date: Tue, 1 Jun 1999 23:30:33 +0100
From: Alan Cox <alan@LXORGUK.UKUU.ORG.UK>
To: BUGTRAQ@NETSPACE.ORG
Subject: Linux 2.2 DoS attack

Ok problem confirmed. Its not icmp however - in fact the program given
has some bugs that cause it. If it had been a correctly written icmp
tester
it wouldnt have worked. A blessing in disguise.

Anyway the fix seems to be this. Sorry it took so long to sort out.

--- ../linux.vanilla/net/ipv4/ip_options.c Wed May 12 16:49:38 1999
+++ net/ipv4/ip_options.c Tue Jun 1 22:11:46 1999
@@ -452,7 +452,6 @@
error:
        if (skb) {
                icmp_send(skb, ICMP_PARAMETERPROB, 0, htonl((pp_ptr-iph)<<24));
- kfree_skb(skb);
        }
        return -EINVAL;

}
---------------------------------------------------------------------------

2.2.9'a kadar olanlar bunu yiyor..
Isterseniz 2.2.9+ 'ya yukseltin, isterseniz yukaridaki patchi uygulayin
19. porttan giden nuke ben bilmiyorum..
Hangi porta attiklari da bilemezsiniz, cunku her zaman ayni porta atan
winnuke falan gibi seyler..

isterseniz ipchains ile icmpleri kapatabilirsiniz..

Iyi calismalar,
-Can
On Tue, 20 Jul 1999, Serdar Gurcan wrote:

> kernel 2.2.6 var
> hangi nukeler, bu kernela etki ediyorlar acaba.. daha yuksek kernellar
> beni nuke'tan korur mu?
> sanirim, 19. porttan saldiriyorlar, portlari nasil kapatirim
> sevgiler!
>
> ))
> (( ODTU FEF KIMYA BOLUMU O-208 tel:2103211
> _)) METU A&Sc Fac. Chemistry Dep
> / \
> / // serdar@curie.chem.metu.edu.tr
> /\/\ _\\ gurcan@rorqual.cc.metu.edu.tr
> (o_o-)|/ * COMING SOON!
> ==o==|| http://www.chem.metu.edu.tr/~serdar
> * *
>
>
>
> Listeden cikmak icin:
> unsub linux
> mesajini listeci@bilkent.edu.tr'a gonderiniz.
> Lutfen Listeci icin MIME / HTML / Turkce Aksan kullanmayin.
> Liste arsivinin adresi: http://listweb.bilkent.edu.tr/
>
>
>

Listeden cikmak icin:
          unsub linux
mesajini listeci@bilkent.edu.tr'a gonderiniz.
   Lutfen Listeci icin MIME / HTML / Turkce Aksan kullanmayin.
  Liste arsivinin adresi: http://listweb.bilkent.edu.tr/

Next message: Serdar Gurcan: "Re: [LINUX:7683] Re: nuke"
Previous message: Mustafa Akgul: "Re: [LINUX:7681] Re: ftp server"
In reply to: Serdar Gurcan: "nuke"
Next in thread: Serdar Gurcan: "Re: [LINUX:7683] Re: nuke"

New Message	Reply	About this list	Date view	Thread view	Subject view	Author view

Bu arsiv hypermail 2b25 tarafindan uretilmistir.