Re: Attacks bringing my system down!

Michael H. Warfield (mhw@wittsend.com)
Fri, 17 Sep 1999 12:08:45 -0400 (EDT)


Justin Smith enscribed thusly:
> I've posted to this group before about how my Redhat 6.0 system
> goes down every few days with dire error messages (like "Aiee! system
> panic...").

Hmmm... Have you upgraded your kernel? I think the stock 2.2.5
kernel with RedHat 6.0 is vulnerable to a zero length fragment attack.
Current kernel version is 2.2.12.

> I ran diagnostics on my machine and it passed all tests. At the same
> time, our departmental Sun systems (Ultrasparc servers) slow down to a
> crawl --- and it turned out that some hackers are attacking our systems
> with pings and telnets (a packet sniffer disclosed that our high-speed
> network is completely saturated by pings, ftp's and telnets from a few
> sources).

Probably smurf attacks...

> The question is: how do I prevent these attacks from crashing my Linux
> system? (Disconnecting from the network is not an option...). They slow
> down Solaris systems (during the attack itself) but don't kill them off.
> Our system administrator said that the Linux kernel is full of race
> conditions that cause it to crash under these circumstances...

Your system administrator is on drugs. The problem was a bug in
the kernel but was not a race condition.

Are you running NIS on those Solaris boxes? How about finger? If
the answer is yes to both, tell your system administrator that anyone can
obliterate your entire network just with well timed finger requests. The
Solaris boxes will flood the network with NIS requests and tear it to its
knees. Sun has no fix. Only options are to avoid NIS (including NIS+),
or avoid finger (good idea anyways), or use a "public domain" finger. The
finger that comes with Linux is not vulnerable.

> Is there some way to reconfigure my system to make it less vulnerable?

Keep it up to date. Same thing can be said about Solaris, or
Windows, or any other operating system or distribution. There are a pile
of update RPMs out there for RedHat 6.0 and a lot of them are security
related. Get them installed.

> --
> ______________________________________________________________________
> Time blows wildly against my door     | Justin R. Smith
> Stirring discarded sorrows            | Department of Mathematics and
> Like dead leaves of summers past      |   Computer Science
> Memories of forgotten lore            | Drexel University
> Making way for new tomorrows          | Philadelphia, PA 19104
> New hopes, new fears,                 |
>   and new ways that last              | Office: (215) 895-1847
>                                       |
> (c) Justin R. Smith, March 14, 1994   | Fax: (215) 895-1582
>
> My home page: http://www.mcs.drexel.edu/~jsmith

Mike

-- 
 Michael H. Warfield    |  (770) 985-6132   |  mhw@WittsEnd.com
  (The Mad Wizard)      |  (770) 331-2437   |  http://www.wittsend.com/mhw/
  NIC whois:  MHW9      |  An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471    |  possible worlds.  A pessimist is sure of it!

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/
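Mike's diagnosis of "probably smurf attacks" rests on two things a sniffer would show: ICMP echo requests aimed at a subnet's broadcast address (your hosts being used as amplifiers, with the source address spoofed to the real victim), and a single destination receiving echo replies from many hosts at once (the victim side). The script below is an added example, not code from the original thread or from either poster. It parses constructed `tcpdump -n`-style lines (the line shape and the /24 netmask are assumptions, as is the sample traffic) and flags both indicators so you can tell a smurf flood apart from an ordinary unicast ping.

```python
"""Spot smurf-style ICMP floods in tcpdump-like output.

Added example for the thread above, not from the original post. The log
lines below are constructed, not a real capture, and the 'tcpdump -n icmp'
line shape is an assumption about the format being parsed.
"""
import re
from collections import Counter, defaultdict

# Assumed line shape (as printed by `tcpdump -n icmp`):
#   12:00:01.000001 IP 10.0.0.9 > 192.168.1.255: ICMP echo request, id 1, seq 1, length 64
LINE_RE = re.compile(
    r"^\S+ IP (?P<src>\d+\.\d+\.\d+\.\d+) > (?P<dst>\d+\.\d+\.\d+\.\d+): "
    r"ICMP echo (?P<kind>request|reply)"
)


def parse_icmp_echo(lines):
    """Yield (src, dst, kind) for ICMP echo request/reply lines; skip everything else."""
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            yield m.group("src"), m.group("dst"), m.group("kind")


def is_directed_broadcast(dst, prefix_len=24):
    """True if dst is the broadcast (or all-zeros network) address of a /prefix_len subnet.

    Assumes a /24 mask for every address; a real deployment needs the actual
    masks of the monitored networks.
    """
    octets = [int(o) for o in dst.split(".")]
    host_bits = 32 - prefix_len
    addr = (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]
    host = addr & ((1 << host_bits) - 1)
    return host == 0 or host == (1 << host_bits) - 1


def detect_smurf(lines, reply_threshold=5, min_sources=3):
    """Return a report with the two smurf indicators.

    'amplifier_requests': echo requests addressed to a broadcast address
        (our subnet used as a reflector; src is the spoofed victim address).
    'flooded_targets': destinations receiving >= reply_threshold echo replies
        from >= min_sources distinct hosts (the victim being flooded).
    """
    bcast_requests = []
    replies_by_dst = defaultdict(Counter)
    for src, dst, kind in parse_icmp_echo(lines):
        if kind == "request" and is_directed_broadcast(dst):
            bcast_requests.append((src, dst))
        elif kind == "reply":
            replies_by_dst[dst][src] += 1
    flooded = {
        dst: {"replies": sum(c.values()), "sources": len(c)}
        for dst, c in replies_by_dst.items()
        if sum(c.values()) >= reply_threshold and len(c) >= min_sources
    }
    return {"amplifier_requests": bcast_requests, "flooded_targets": flooded}


# Constructed sample: one spoofed request to our broadcast address, followed by
# several hosts on that subnet replying to the spoofed source (the real victim),
# plus an ordinary unicast ping and an unrelated ICMP message that must not trigger.
SAMPLE_LINES = [
    "12:00:01.000001 IP 203.0.113.7 > 192.168.1.255: ICMP echo request, id 1, seq 1, length 64",
    "12:00:01.000102 IP 192.168.1.10 > 203.0.113.7: ICMP echo reply, id 1, seq 1, length 64",
    "12:00:01.000110 IP 192.168.1.11 > 203.0.113.7: ICMP echo reply, id 1, seq 1, length 64",
    "12:00:01.000121 IP 192.168.1.12 > 203.0.113.7: ICMP echo reply, id 1, seq 1, length 64",
    "12:00:01.000133 IP 192.168.1.13 > 203.0.113.7: ICMP echo reply, id 1, seq 1, length 64",
    "12:00:01.000140 IP 192.168.1.14 > 203.0.113.7: ICMP echo reply, id 1, seq 1, length 64",
    "12:00:02.000001 IP 192.168.1.20 > 192.168.1.21: ICMP echo request, id 9, seq 1, length 64",
    "12:00:02.000050 IP 192.168.1.21 > 192.168.1.20: ICMP echo reply, id 9, seq 1, length 64",
    "12:00:02.100000 IP 192.168.1.20 > 192.168.1.21: ICMP 192.168.1.21 udp port 53 unreachable, length 36",
]

if __name__ == "__main__":
    report = detect_smurf(SAMPLE_LINES)
    for src, dst in report["amplifier_requests"]:
        print(f"broadcast ping to {dst} from {src}: amplification attempt, likely victim {src}")
    for dst, stats in report["flooded_targets"].items():
        print(f"{dst} received {stats['replies']} echo replies from {stats['sources']} hosts")
```

Run against a live capture with `tcpdump -n -l icmp | python3 smurf.py` after swapping `SAMPLE_LINES` for `sys.stdin`. The two indicators answer different questions: a hit in `amplifier_requests` means your network is the reflector and the fix is on your routers (drop directed broadcasts); a hit in `flooded_targets` means the named host is the victim and the only local relief is upstream filtering, which matches Mike's point that a patched kernel stops the crash but not the saturation.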