syndrop / modified version

From: Ted Hickman [Network Admin] (tedat_private)
Date: Wed Apr 15 1998 - 13:36:51 PDT


    Dear Sir or Madam,
    
                    Forgive me for this is my first post.  However at
    about 12:00 am this morning my machine crashed.
    
    Machine info:
    dual 233 mhz smp
    256 megs of ram
    2.0.33 + solar designer's patch
    
    I was curious as it had an 80 day uptime as to why it crashed.  I found
    this in the syslog:
    
    Apr 15 00:44:02 shell kernel: Warning: kfree_skb passed an skb still on
    a list (from 03608164).
    Apr 15 00:44:02 shell kernel: general protection: 0000
    Apr 15 00:44:02 shell kernel: CPU:    0
    Apr 15 00:44:02 shell kernel: EIP:    0010:[kfree_skb+146/248]
    Apr 15 00:44:02 shell kernel: EFLAGS: 00010206
    Apr 15 00:44:02 shell kernel: eax: 00000000   ebx: 40095c44   ecx:
    00000030   edx: 00000001
    Apr 15 00:44:02 shell kernel: esi: 03608164   edi: 00000000   ebp:
    03608138   esp: 001d8738
    Apr 15 00:44:02 shell kernel: ds: 0018   es: 0018   fs: 002b   gs:
    0018   ss: 0018
    
    I thought that perhaps this was a DOS so I consulted #linux and found
    that 5 to 10 other people were experiencing similar attacks.
    With the recent release of syndrop I figured it might be this DOS.
    I tried syndrop on myself only to find out that it gave the same error
    msg however no crash:
    
    Apr 15 08:48:22 shell-2 kernel: Warning: kfree_skb passed an skb still
    on a list (from 0059ff1c).
    Apr 15 08:48:23 shell-2 kernel: Warning: kfree_skb passed an skb still
    on a list (from 01000058).
    Apr 15 08:48:23 shell-2 kernel: Warning: kfree_skb passed an skb still
    on a list (from 0059fc28).
    Apr 15 08:48:23 shell-2 kernel: Warning: kfree_skb passed an skb still
    on a list (from 0059fe20).
    Apr 15 08:48:23 shell-2 kernel: Warning: kfree_skb passed an skb still
    on a list (from 0059ff1c).
    
    So I figure that this is a modified version of syndrop.  If this has
    been reported could you direct me to the patch as my machine has crashed
    with the same symptoms about 3 times today.
    
    --
    
    Theodore D. Hickman Jr.
    Director of Network Administration
    1 (800) 957 0047
    tedat_private
    
    Syberspace Corporation
    http://www.sy.net
    883 Cooper Landing
    Rd #244
    Cherry Hill, NJ 08002
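
Added example, not part of the original post: a syslog triage script that separates the two cases the message describes, hosts that only log the kfree_skb warning and hosts where a general protection fault with EIP in kfree_skb follows. The function names and the sample input are constructed for illustration, using the log format quoted above.

```python
import re
from collections import defaultdict

# A syslog record from the kernel: "Apr 15 00:44:02 shell kernel: <message>"
REC = re.compile(r"^\w{3}\s+\d+ [\d:]{8} (\S+) kernel: (.*)$")
WARN = re.compile(r"kfree_skb passed an skb still on a list \(from ([0-9a-f]{8})\)")
EIP = re.compile(r"EIP:\s+[0-9a-f]{4}:\[(\w+)\+\d+/\d+\]")

def unwrap(text):
    """Rejoin mail-wrapped lines: text that starts no new record continues the previous one."""
    records = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if REC.match(line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records

def triage(text):
    """Per host: number of kfree_skb list warnings, the caller addresses they
    report, and whether a general protection fault had its EIP in kfree_skb."""
    hosts = defaultdict(lambda: {"warnings": 0, "callers": set(), "crashed": False})
    in_fault = set()  # hosts whose fault dump is currently being read
    for host, msg in (m.groups() for m in map(REC.match, unwrap(text)) if m):
        warn, eip = WARN.search(msg), EIP.search(msg)
        if warn:
            hosts[host]["warnings"] += 1
            hosts[host]["callers"].add(warn.group(1))
        elif msg.startswith("general protection"):
            in_fault.add(host)
        elif eip and host in in_fault:
            in_fault.discard(host)
            hosts[host]["crashed"] |= eip.group(1) == "kfree_skb"
    return dict(hosts)

# Constructed sample in the format quoted in the post; the first record is mail-wrapped.
SAMPLE = """\
Apr 15 00:44:02 shell kernel: Warning: kfree_skb passed an skb still on
a list (from 03608164).
Apr 15 00:44:02 shell kernel: general protection: 0000
Apr 15 00:44:02 shell kernel: CPU:    0
Apr 15 00:44:02 shell kernel: EIP:    0010:[kfree_skb+146/248]
Apr 15 08:48:22 shell-2 kernel: Warning: kfree_skb passed an skb still on a list (from 0059ff1c).
Apr 15 08:48:23 shell-2 kernel: Warning: kfree_skb passed an skb still on a list (from 01000058).
Apr 15 08:48:23 shell-2 kernel: Warning: kfree_skb passed an skb still on a list (from 0059ff1c).
"""

if __name__ == "__main__":
    for host, stats in triage(SAMPLE).items():
        print(host, stats)
```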
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:49:22 PDT