From: Willy Tarreau <willy@w.ods.org>
To: Wolfpaw - Dale Corse <admin@wolfpaw.net>
Cc: peter@mysql.com, linux-kernel@vger.kernel.org, netdev@oss.sgi.com
Subject: Re: Linux 2.4.27 SECURITY BUG - TCP Local and REMOTE(verified) Denial of Service Attack
Date: Sun, 12 Sep 2004 20:18:43 +0200
Message-ID: <20040912181843.GA3619@alpha.home.local>
In-Reply-To: <20040912175946.GA3491@alpha.home.local>

Hi again, Dale,

I forgot to say that you don't need to fear releasing your exploit. I
developed its equivalent 4 years ago to stress-test web servers and
proxies, and if I launch it against victim:23, I get the exact same
result within seconds : a CLOSE_WAIT socket :

attacker> ./connectdata 10.0.3.2 23 200 1
ERROR: connect()=-1, nbconn=134 : Connection refused
ERROR: connect()=-1, nbconn=135 : Connection refused
ERROR: connect()=-1, nbconn=136 : Connection refused
ERROR: connect()=-1, nbconn=137 : Connection refused

The program connects 200 sockets to the same IP:port, and sends the beginning
of an HTTP request.

victim> sudo netstat -atnp|grep -v LISTEN
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 17 0 10.0.3.2:23 10.0.3.1:38214 CLOSE_WAIT 1333/inetd

It's not even necessary to send data, and it's then even faster to block my
very old inetd :

attacker> ./connectdata-nb 10.0.3.2 23 200
200 connections established.
Press any key so exit.

This time, it sends 200 non-blocking connect() calls without any data. It
takes a fraction of a second with the same result. Hopefully, it'll
help Peter and you reproduce the problem faster on mysql.

Both programs have been freely available here for two years ; I didn't think
they would be useful again !

http://w.ods.org/tools/connect/

Regards,
Willy
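
A defender-side check for the symptom shown in the message above, as an added example that is not part of the original message or of the tools it links to: it parses `netstat -atnp` output, lists sockets stuck in CLOSE_WAIT, and counts connections per peer and local port. The sample lines, function names and threshold are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in `netstat -atnp` layout (addresses and PIDs are made up).
SAMPLE = """\
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:23 0.0.0.0:* LISTEN 1333/inetd
tcp 17 0 10.0.3.2:23 10.0.3.1:38214 CLOSE_WAIT 1333/inetd
tcp 0 0 10.0.3.2:23 10.0.3.1:38215 ESTABLISHED -
tcp 0 0 10.0.3.2:23 10.0.3.1:38216 ESTABLISHED -
tcp 0 0 10.0.3.2:23 10.0.3.1:38217 SYN_RECV -
tcp 0 0 10.0.3.2:22 10.0.3.7:51022 ESTABLISHED 811/sshd
"""

# proto, Recv-Q, Send-Q, local addr:port, foreign addr:port, state, PID/program
ROW = re.compile(
    r"^(tcp6?)\s+(\d+)\s+(\d+)\s+(\S+):(\d+)\s+(\S+):(\S+)\s+(\S+)\s*(.*)$"
)

def parse(text):
    """Yield one dict per TCP socket line; banner and header lines are skipped."""
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            _, recvq, _, _, lport, peer, _, state, prog = m.groups()
            yield {"recvq": int(recvq), "lport": int(lport), "peer": peer,
                   "state": state, "prog": prog.strip()}

def stuck_close_wait(socks):
    """CLOSE_WAIT: the peer has closed, the local program has not yet close()d.
    A non-zero Recv-Q means received bytes were never read by that program."""
    return [s for s in socks if s["state"] == "CLOSE_WAIT"]

def heavy_peers(socks, limit):
    """Map (local port, peer) -> count for peers holding >= limit sockets."""
    counts = Counter((s["lport"], s["peer"])
                     for s in socks if s["state"] != "LISTEN")
    return {key: n for key, n in counts.items() if n >= limit}

if __name__ == "__main__":
    socks = list(parse(SAMPLE))
    for s in stuck_close_wait(socks):
        print("CLOSE_WAIT port %(lport)d peer %(peer)s recvq %(recvq)d %(prog)s" % s)
    for (port, peer), n in heavy_peers(socks, limit=4).items():
        print("peer %s holds %d sockets on port %d" % (peer, n, port))
```

On a live host the input would be the text of `netstat -atnp` itself; a CLOSE_WAIT entry that persists across several samples points at a service that is no longer servicing its sockets.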