[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-users] [RaQ4] stops responding on all but ping

Subject: Re: [cobalt-users] [RaQ4] stops responding on all but ping
From: flash22@xxxxxxx
Date: Sat Oct 20 12:57:01 2001
List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>

On Thu, 20 Oct 1988, Gerald Waugh wrote:

> > Oct 14 12:58:58 ww3 kernel: Suspect TCP fragment.
> > Oct 14 12:58:58 ww3 kernel: eth0 PROTO=6 218.122.122.1:0 193.xxx.xxx.xxx:0
> This just might be a bad packet coming in.?

Nope, it's a DOS attack...from the kernel code itself:

        /*
         *      Don't allow a fragment of TCP 8 bytes in. Nobody
         *      normal causes this. Its a cracker trying to break
         *      in by doing a flag overwrite to pass the direction
         *      checks.
         */
         
        if (offset == 1 && ip->protocol == IPPROTO_TCP) {
                if (!testing && net_ratelimit()) {
                        printk("Suspect TCP fragment.\n");

Someone is sending bogus packets to try to exaust kernel memory and kill
the server, firewall time :)

gsh

Follow-Ups:
- RE: [cobalt-users] [RaQ4] stops responding on all but ping
  - From: support

References:
- Re: [cobalt-users] [RaQ4] stops responding on all but ping
  - From: Gerald Waugh

Prev by Date: Re: [cobalt-users] Raq3 System status Error - I M P O R T A N T
Next by Date: [cobalt-users] CPU go up to 90 degrees celcius
Previous by thread: RE: [cobalt-users] [RaQ4] stops responding on all but ping
Next by thread: RE: [cobalt-users] [RaQ4] stops responding on all but ping

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index