Re: Emergency shutdown feature

Kevin Lentin (
Mon, 22 Dec 1997 11:00:11 +1100

On Sun, Dec 21, 1997 at 11:16:13AM -0500, linux kernel account wrote:
> I see the only need for the 'challenge system' is so that you can
> identify the sender. My main difficulty with the challenge system is
> that the reboot packet is to reboot a runaway computer. The challenge
> system would most likely lower its effectiveness.
> Furthermore, there is no need to use a random number to prevent replay.
> The window is small enough (4 minutes; someone with the ability to sniff
> could do more damage than making it go down again as soon as it came up).

Also, if you're rebooting a runaway computer, you're likely to take a few
minutes to reboot and fsck. A few gig of heavily used disk can suck up time
in fsck quite nicely. And if you're really worried (and the loss of 4
minutes is worth less to you than the risk of attack) then put a 4 minute
pause in your startup scripts in the case of 'unclean' reboots. Or do not
accept 'reboot' packets during the first 4 minutes of uptime (less boot
time would probably only be a minute or two at max on a small disk system).

> > - A single valid packet can be replayed until it is no longer valid.
> > so your poor host will be rebooting until the packet expires... So
> > if you validly reboot the machine, anyone listening can reboot the
> > machine for a few minutes...
> You couldn't reboot it until it was on the network.. How many
> times could I reboot your computer in that 256-second window? Maybe one
> additional time...


[     Kevin Lentin               Email:      ]
[   finger for PGP public key block.   ]
[  KeyId: 06808EED    FingerPrint: 6024308DE1F84314  811B511DBA6FD596  ]
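The replay timeline argued over in this thread (a reboot packet that stays valid for a 256-second window, an attacker who replays the captured bytes as soon as the host is back on the network, and the suggestion above of ignoring reboot packets for the first few minutes of uptime), as an added example that is not part of the thread or of the kernel patch under discussion. It assumes a 90-second outage per reboot (REBOOT_TIME), a receiver clock in step with the sender's, and, for the "random number" variant, a nonce cache kept only in RAM; every name in it is the example's own.

```python
# Added example, not code from the thread or the kernel patch it discusses.
# Models the receiver-side policy for an emergency reboot packet and the
# replay argument: the packet is valid for WINDOW seconds after it is
# issued, so an attacker who captured it can resend it once the host is
# back on the network. Timestamps are whole seconds on a shared clock.

from dataclasses import dataclass

WINDOW = 256        # seconds a packet remains valid (the 256-second window in the thread)
REBOOT_TIME = 90    # assumed seconds the host is off the network (shutdown + boot + fsck)


@dataclass(frozen=True)
class RebootPacket:
    issued_at: int   # sender's timestamp, checked against the receiver's clock
    nonce: int       # per-packet random number, if the "challenge" design is used


class Host:
    """Receiver-side policy for reboot packets (a model, not the kernel code)."""

    def __init__(self, min_uptime=0, nonce_cache=False, reboot_time=REBOOT_TIME):
        self.min_uptime = min_uptime      # ignore reboot packets this long after boot
        self.nonce_cache = nonce_cache    # remember nonces already acted on
        self.reboot_time = reboot_time
        self.booted_at = -10**9           # up "forever" before the scenario starts
        self.down_until = None            # clock time at which the host is back up
        self.seen = set()                 # assumption: kept in RAM only, lost on reboot
        self.reboots = 0

    def receive(self, pkt, now):
        """Return (accepted, reason) for a packet arriving at clock time `now`."""
        if self.down_until is not None and now < self.down_until:
            return False, "host off the network"
        if not pkt.issued_at <= now <= pkt.issued_at + WINDOW:
            return False, "packet expired"
        if now - self.booted_at < self.min_uptime:
            return False, "too soon after boot"
        if self.nonce_cache and pkt.nonce in self.seen:
            return False, "nonce already used"
        self.seen.add(pkt.nonce)
        self.reboots += 1
        self.down_until = now + self.reboot_time
        self.booted_at = self.down_until
        self.seen = set()   # the nonce just recorded is forgotten: RAM does not survive the reboot
        return True, "rebooting"


def simulate(min_uptime=0, nonce_cache=False):
    """One legitimate packet issued at t=0; the attacker resends the same
    bytes every second. Returns (reboot count, clock times of each reboot)."""
    host = Host(min_uptime=min_uptime, nonce_cache=nonce_cache)
    pkt = RebootPacket(issued_at=0, nonce=0x5EED)   # constructed sample packet
    reboot_times = []
    for now in range(0, WINDOW + 100):
        accepted, _ = host.receive(pkt, now)
        if accepted:
            reboot_times.append(now)
    return host.reboots, reboot_times


def safe_min_uptime(reboot_time):
    """Smallest uptime gate that makes a replay of a packet accepted at time 0
    arrive after it has expired: the host is back at reboot_time, so the gate
    must outlast WINDOW - reboot_time."""
    return max(0, WINDOW - reboot_time + 1)


if __name__ == "__main__":
    print("no protection:      ", simulate())
    print("RAM nonce cache:    ", simulate(nonce_cache=True))
    print("4-minute uptime gate", simulate(min_uptime=240))
    print("gate needed for 90 s reboot:", safe_min_uptime(90))
```

With a 90-second outage the unprotected host reboots three times inside the window (at 0, 90 and 180 seconds), and the in-RAM nonce cache changes nothing, because the cache is lost with the reboot it was meant to prevent. The uptime gate works only if it outlasts the remainder of the window after the host is back up: for these figures anything from 167 seconds up will do, and the 4-minute figure suggested above leaves a comfortable margin.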