Re: Synchronized Crashing on Two RH 4.1 Boxes? DoS PROBLEM?

Chris Evans (chris@ferret.lmh.ox.ac.uk)
Wed, 25 Jun 1997 20:19:20 +0100 (BST)


On Wed, 25 Jun 1997, Lance Ware wrote:

> It looks like someone is crashing my machines intentionally, although
> there is nothing in any log files. Interestingly the machine with
> the lower IP address (on the same /24) reboots 30 seconds to a minute
> before the one with the higher IP address.
>
> Also interesting is the RH 4.0 machine, with an IP address in between
> the two RH 4.1 machines, doesn't crash. But it's got some weird messages
> in dmesg:
>
> ICMP redirect from 207.17.94.65
> ICMP redirect from 207.17.94.65
> ICMP: failed checksum from 206.215.159.105!
> ARP: arp called for own IP address
> ICMP: failed checksum from 206.215.159.105!
> ARP: arp called for own IP address
> ARP: arp called for own IP address
> ICMP redirect from 193.124.94.1
> ICMP redirect from 207.240.0.9
> ICMP redirect from 207.240.0.9
> ICMP redirect from 207.240.0.9
> ICMP redirect from 207.240.0.9
> ICMP redirect from 207.240.0.9
> ICMP redirect from 194.85.33.46
> ICMP redirect from 194.85.33.46
> ICMP redirect from 194.85.33.46

Ah! I've seen spontaneous reboots _very_ shortly after ICMP failed
checksum messages on two occasions (2.0.27 and 1.2.13). Perhaps there is
an undiscovered kernel bug allowing an effective DoS attack?

Chris