Re: Novell BorderManager 3.5 Remote Slow Death

From: Ron van Daal (ronvdaalat_private)
Date: Wed Feb 09 2000 - 04:53:50 PST


    Hello,
    
    I experienced the same problem with several servers running NetWare 5.0
    sp4 and BorderManager 3.0 (Enterprise Edition). I discovered this bug
    a few months ago when doing an NMAP scan. When opening a telnet session
    to TCP port 2000 and hitting enter, the NetWare server gives the same
    Short Term MAlloc error you describe, with the difference that it starts
    with a few million attempts to get more memory.
    
    --
    Ron van Daal          | Syntonic Internet | tel. +31(0)46-4230738
    ronvdaalat_private | www.syntonic.net  | fax. +31(0)46-4230739
    
    On Wed, 9 Feb 2000, Chicken Man wrote:
    
    > 1-27-2000   9:34:47 am:   SERVER-5.0-830  [nmID=2000A]
    >     Short Term Memory Allocator is out of Memory.
    >     1 attempts to get more memory failed.
    >
    > The telnet session will not disconnect, unless you manually close the
    > connection. Over the course of two days (every few minutes or so, YMMV) the
    > error will repeat, with the number of attempts steadily increasing (by
    > several million each time). Eventually (again, for us it was two days, YMMV)
    > the firewall will deny all requests, and eventually crash completely.
    
    Our NetWare servers didn't crash, because I took the servers down
    after noticing the MAlloc error.
    
    
    > <RANT>
    > Why is the port even accessible from the outside (or the inside for that
    > matter)? The default BorderManager packet filtering rules indicate that
    > pretty much everything is being passed. Why is the NLM loaded by default?
    > Tcpcon shows various other services running that shouldn't be either
    > (c27-2000   9:34:47 am:   SERVER-5.0-830  [nmID=2000A]
    >     Short Term Memory Allocator is out of Memory.
    >     1 attempts to get more memory failed.
    
    I can't find any vulnerabilities in the other services (chargen,
    echo, discard, etc). Try FILTCFG.NLM to disable these services.
    
    -Ron
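
A monitoring sketch for the symptom reported in this thread, added here as an example and not part of the original messages: it parses console alerts in the layout quoted above and flags a run of Short Term Memory Allocator alerts whose attempt count keeps climbing. The first sample record is the one quoted in the thread; the other two records and the thresholds (`min_alerts`, `min_step`) are constructed assumptions.

```python
import re
from datetime import datetime

# Alert header in the layout quoted in the thread (date assumed month-day-year).
HEADER = re.compile(
    r"^\s*(\d{1,2}-\d{1,2}-\d{4})\s+(\d{1,2}:\d{2}:\d{2}) ([ap]m):\s+"
    r"(SERVER-\S+)\s+\[nmID=([0-9A-Fa-f]+)\]")
OOM = "Short Term Memory Allocator is out of Memory"
ATTEMPTS = re.compile(r"^\s*(\d+) attempts to get more memory failed")

def parse_alerts(text):
    """Return [(timestamp, attempts)] for each allocator alert in text."""
    alerts, stamp, in_oom = [], None, False
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:  # a new alert record starts here
            stamp = datetime.strptime(f"{m[1]} {m[2]} {m[3]}",
                                      "%m-%d-%Y %I:%M:%S %p")
            in_oom = False
            continue
        if stamp and OOM in line:
            in_oom = True
            continue
        m = ATTEMPTS.match(line)
        if m and stamp and in_oom:  # count line closes the record
            alerts.append((stamp, int(m[1])))
            stamp, in_oom = None, False
    return alerts

def escalating(alerts, min_alerts=3, min_step=1_000_000):
    """True when the last min_alerts counts each rise by >= min_step."""
    counts = [n for _, n in sorted(alerts)][-min_alerts:]
    return len(counts) >= min_alerts and all(
        b - a >= min_step for a, b in zip(counts, counts[1:]))

# First record is from the thread; the next two are constructed samples.
SAMPLE = """\
1-27-2000   9:34:47 am:   SERVER-5.0-830  [nmID=2000A]
    Short Term Memory Allocator is out of Memory.
    1 attempts to get more memory failed.
1-27-2000   9:39:02 am:   SERVER-5.0-830  [nmID=2000A]
    Short Term Memory Allocator is out of Memory.
    3120455 attempts to get more memory failed.
1-27-2000   9:44:10 am:   SERVER-5.0-830  [nmID=2000A]
    Short Term Memory Allocator is out of Memory.
    6874002 attempts to get more memory failed.
"""

if __name__ == "__main__":
    print("escalating:", escalating(parse_alerts(SAMPLE)))
```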
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:33:59 PDT