Re: I don't think my message was taken seriously (2.0.36 socket & sendto errors)

Michael H. Warfield (mhw@wittsend.com)
Sun, 22 Nov 1998 11:29:20 -0500 (EST)


Mark Harburn enscribed thusly:

> Humm....
> > You people that think that I was not using root to execute the
> >programs, are wrong, and furthermore, it gives you a different error
> >than it does a normal user! The problem has just occurred after my
> >upgrade to 2.0.36 from 2.0.35. I constantly add machines on networks
> >and like to test their vulnerability to attacks.
> Okay, you ran it as root, and? I just downloaded teardrop.c source from
> rootshell, and several others, and used them on the 3 2.0.36 machines I
> have access to on the net. All sent the attack fine, without any problems.
> If you don't believe me I'll send you the tcpdump and the command line and
> uname -a :)

> Considering at this
> >moment my OWN network is being teardropped, it is nice to know what will
> >happen in advance, and firewall/fix anything that is wrong! It only
> >takes 1 minute to go and get newtear.c from rootshell and test it
> >yourself. Instead you act like I am a moron who doesn't know what I need
> >to run SOCKET programs!

Whoa! Time out. The first poster said "newtear.c" and the second
poster said "teardrop.c". These are NOT the same programs! Teardrop
was the original fragmentation DoS exploit. The fix for that appeared
in the Linux sources shortly before the exploit was "announced". The
author of the exploit posted it in response to the fix. Newtear, bonk,
and boink are all subsequent variations of teardrop which worked even
against systems with the original simple teardrop fix. A system may
be solid when attacked by the original teardrop (teardrop.c) and still
vulnerable to newtear or boink. Testing with teardrop.c is insufficient.
You have to test with all of the teardrop variants, independently.

I'm going to test these out shortly against 2.0.36 and 2.1.129...

> No one was saying you were thick, it was a suggestion for the possible
> causes. The only thing I can possibly think that has happened is that
> someone firewalled the ports you're trying to use. If you downgrade the kernel
> and don't have the same problems (use the *exact* same config (- the things
> that have changed of course). But you seem to be the only person
> experiencing the problem.

> If you are being teardropped, get your uplink to trace the spoofed packets and
> take the people using it to court.

Good luck.

> Mark Harburn.


Mike

-- 
 Michael H. Warfield    |  (770) 985-6132   |  mhw@WittsEnd.com
  (The Mad Wizard)      |  (770) 925-8248   |  http://www.wittsend.com/mhw/
  NIC whois:  MHW9      |  An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471    |  possible worlds.  A pessimist is sure of it!
