Re: Attacks bringing my system down!

Steve Dodd (dirk@loth.demon.co.uk)
Thu, 16 Sep 1999 22:05:16 +0100


On Thu, Sep 16, 1999 at 03:42:32PM -0400, Justin Smith wrote:

> I've posted to this group before about how my Redhat 6.0 system
> goes down every few days with dire error messages (like "Aiee ! system
> panic...).

Hmm, I can't see them in my recent archives; I'm doing a Big Grep to try
and track them down. Perhaps you should repost the messages; if the panic
is preceded by an oops, make sure that the symbols are resolved in some way
-- ksymoops is probably easiest. Knowing what kernel version would also help.

> I ran diagnostics on my machine and it passed all tests.

What 'diagnostics'?

> The question is: how do I prevent these attacks from crashing my Linux
> system?
>
> (Disconnecting from the network is not an option...). They slow down
> Solaris systems (during the attack itself) but don't kill them off.

Long term, you probably want to filter at your border routers. But you're
right, it shouldn't bring the machine down.

> Our system administrator said that the Linux kernel is full of race
> conditions that cause it to crash under these circumstances...

Two possible options spring to mind:
i) He's looked at the source, and has found this out. In which case,
it would help if he told us (the list) what they were, and someone
would fix them. Perhaps you could ask him to do this.

ii) he's talking utter bollocks.

I have my suspicions, but I'm not going to voice them.

> Is there some way to reconfigure my system to make it less vulnerable?

Probably; first, I'd make sure you're running the latest kernel, or have
applied patches to fix any known bugs in the version you're using (for the
last few versions of 2.2, Alan Cox has got some detailed info at
<URL:http://www.linux.org.uk/>). Have a poke around in /proc/sys/net/ and see
if there are useful options to turn on -- Documentation/proc.txt is quite
useful to discover what some of them do. Investigate using ipchains or
equivalent to drop the offending packets.

Oh, the grep finished. Can't see anything with your name or email address
on it, and my archives go back to mid-January :-(

-- 
Death is only a state of mind.

Only it doesn't leave you much time to think about anything else.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/