From: "Rodrigo Barbosa (aka morcego)" <rodrigob@conectiva.com.br>
To: linux-kernel@vger.kernel.org, riel@conectiva.com.br
Subject: [whitevampire@MINDLESS.COM: Naptha - New DoS]
Date: Thu, 7 Dec 2000 15:02:47 -0200 [thread overview]
Message-ID: <20001207150247.G24723@conectiva.com.br> (raw)
[-- Attachment #1: Type: text/plain, Size: 3501 bytes --]
I'm just forwarding it. I know nothing about it. I don't know how it works.
I don't know how to protect agains it. I don't know what is a Kernel.
I don't know what is Linux. I don't know what is e-mail. Who am I ?
Where am I ? What are all those green dots in the sky ? Ahhhhhhhhhhhh :-)
Anyway, I talked to Riel before sending this bug here, and he acknoledged
that it's really something new:
<riel> hummmm
<riel> indeed, this is a new one
<riel> which hits in the tcp ESTABLISHED phase
----- Forwarded message from White Vampire <whitevampire@MINDLESS.COM> -----
Date: Wed, 6 Dec 2000 23:34:39 -0500
From: White Vampire <whitevampire@MINDLESS.COM>
Subject: Naptha - New DoS
Greetings,
[ Misc Info ]
I find it rather odd that this has yet to be mentioned on
Bugtraq. I know of more than one person besides myself who has
experienced some problems with this DoS since this advisory was
released. I delayed mentioning it on this list because I figured
someone from Razor would release it, or someone who was involved with
the discovery. Various vendors are no doubt already coding like mad.
I have disabled Keepalive in Apache (via 'Keepalive Off' in the
configuration file) and changed the kernel timeouts, as recommended by
the advisory. This will help some, but not enough. I hope to see
complete fixes available soon, perhaps this will help kick-start
it. Limiting public access to TCP daemons is also a way to help prevent
attacks.
[ Quick Summary ]
Basically, it will leave a TCP connection on the target machine
in a "certain state." The method discovered will exhaust resources on
the target machine, whereas the originating machine will not be
affected that greatly. Before such attacks were infeasible because the
originating machine would also be affected. The target machine can be
starved of resources to the point of failure.
Some affected operating systems:
* Novell's Netware 5.0 with sp1 (Will not recover)
* Linux (2.2.x .. others ?) (Unknown.. can recover sometimes?)
* FreeBSD 4.0-REL (Can recover in short period)
* Possibly others.. it is a rather widespread problem.
Unaffected operating systems:
* OpenBSD seems to be unaffected
* Windows 2000 seems to be unaffected
For more information on NAPTHA visit:
http://razor.bindview.com/publish/advisories/adv_NAPTHA.html
[ Credit and Disclaimer ]
An advisory was released by Razor on November 30th. I had not
involvement with the discovery or release of this advisory. This e-Mail
is simply a summary to help system administrators and other individuals
who are interested or are experiencing problems learn about the
attack. I shared my experiences and summarized some information from
the advisory.
I am just sharing the information. Good luck to the vendors,
and good luck to the rest of the world. I sure have not had a fun time
resulting these attacks.
Regards,
--
__ ______ ____
/ \ / \ \ / / White Vampire\Rem
\ \/\/ /\ Y / http://www.gammagear.com/ (Gear for the BOFH)
\ / \ / http://www.webfringe.com/
\__/\ / \___/ http://www.gammaforce.org/
\/ "Silly hacker, root is for administrators."
----- End forwarded message -----
--
Rodrigo Barbosa (morcego) - rodrigob@conectiva.com.br
Conectiva R&D Team - http://distro.conectiva.com.br
"Quis custodiet custodes?" - http://www.conectiva.com
[-- Attachment #2: Type: application/pgp-signature, Size: 232 bytes --]
next reply other threads:[~2000-12-07 17:33 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2000-12-07 17:02 Rodrigo Barbosa (aka morcego) [this message]
2000-12-07 17:10 ` [whitevampire@MINDLESS.COM: Naptha - New DoS] Alan Cox
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20001207150247.G24723@conectiva.com.br \
--to=rodrigob@conectiva.com.br \
--cc=linux-kernel@vger.kernel.org \
--cc=riel@conectiva.com.br \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.