Re: DoS attack against TCP services
On Fri, 6 Feb 2015, Robert Elz wrote: What's more, it seems peculiar to your system, as no-one else seems to be reporting similar problems. So I'd be investigating how the timers are working (or are not working) in the kernel - perhaps even try selecting a different timer. Just to make sure. If the bug described here be the cause? If the problem is already fixed? http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7250 Regards Uwe
Re: DoS attack against TCP services
On Feb 7, 12:53pm, 6b...@6bone.informatik.uni-leipzig.de (6b...@6bone.informatik.uni-leipzig.de) wrote: -- Subject: Re: DoS attack against TCP services | On Fri, 6 Feb 2015, Robert Elz wrote: | | > What's more, it seems peculiar to your system, as no-one else seems to | > be reporting similar problems. So I'd be investigating how the timers | > are working (or are not working) in the kernel - perhaps even try | > selecting a different timer. | | | Just to make sure. If the bug described here be the cause? If the problem | is already fixed? | | http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7250 I don't know; I will take look, but in this case the connections are initiated by the inflicted system. christos
Re: DoS attack against TCP services
chris...@zoulas.com (Christos Zoulas) writes: > On Feb 7, 12:53pm, 6b...@6bone.informatik.uni-leipzig.de > (6b...@6bone.informatik.uni-leipzig.de) wrote: > -- Subject: Re: DoS attack against TCP services > > | On Fri, 6 Feb 2015, Robert Elz wrote: > | > | > What's more, it seems peculiar to your system, as no-one else seems to > | > be reporting similar problems. So I'd be investigating how the timers > | > are working (or are not working) in the kernel - perhaps even try > | > selecting a different timer. > | > | > | Just to make sure. If the bug described here be the cause? If the problem > | is already fixed? > | > | http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7250 > > I don't know; I will take look, but in this case the connections are > initiated by the inflicted system. And so far we don't have any traces showing packets that look like attacks. pgp0ttnAHMhRF.pgp Description: PGP signature
Re: DoS attack against TCP services
On Sat, 7 Feb 2015, Greg Troxel wrote: I don't know; I will take look, but in this case the connections are initiated by the inflicted system. And so far we don't have any traces showing packets that look like attacks. There must be no attack, yes. However, it is described that the attack exploits a memory leak. Maybe this can lead to problems in normal usage. http://vigilance.fr/vulnerability/FreeBSD-NetBSD-OpenBSD-memory-leak-via-Net-2-TCP-Timer-15696 And as Robert Elz suspected a problem with a timer that bug might fit. The article says: "However, the implementation of TCP Timers is invalid. The memory allocated to process them is never freed." Regards Uwe
Re: DoS attack against TCP services
On Feb 5, 12:29am, 6b...@6bone.informatik.uni-leipzig.de (6b...@6bone.informatik.uni-leipzig.de) wrote: -- Subject: Re: DoS attack against TCP services | dmesg reports in loger intervals: | | nd6_storelladdr: something odd happens | | I do not know if this is the cause for the TIME_WAIT connections or a | consequence of TIME_WAIT connections. Ok, can you run netstat -A, copy the PCB address of a couple of those stuck connections and then use netstat -P to dump the PCB info? I am interested of what the timers are... In current I added some more info about the flags... christos
Re: DoS attack against TCP services
It might all be the same bug. I just meant that so far, at least the mailinglist and me privately do not have any evidence that you are actually being attacked. (And, it seems like Christos is fixing up the timer logic, which will help all around.) pgpbJzhACMA0A.pgp Description: PGP signature
daily CVS update output
Updating src tree: P src/external/bsd/openldap/dist/servers/slapd/filter.c P src/external/bsd/openldap/dist/servers/slapd/overlays/deref.c P src/external/cddl/osnet/Makefile.inc P src/external/cddl/osnet/dist/cmd/dtrace/dtrace.c P src/external/cddl/osnet/dist/common/ctf/ctf_create.c P src/external/cddl/osnet/dist/common/ctf/ctf_hash.c P src/external/cddl/osnet/dist/common/ctf/ctf_labels.c P src/external/cddl/osnet/dist/common/ctf/ctf_lookup.c P src/external/cddl/osnet/dist/common/ctf/ctf_open.c P src/external/cddl/osnet/dist/common/ctf/ctf_types.c P src/external/cddl/osnet/dist/lib/libctf/common/ctf_lib.c P src/external/cddl/osnet/dist/lib/libdtrace/common/dt_aggregate.c P src/external/cddl/osnet/dist/lib/libdtrace/common/dt_as.c P src/external/cddl/osnet/dist/lib/libdtrace/common/dt_cc.c P src/external/cddl/osnet/dist/lib/libdtrace/common/dt_cg.c P src/external/cddl/osnet/dist/lib/libdtrace/common/dt_consume.c P src/external/cddl/osnet/dist/lib/libdtrace/common/dt_dis.c P src/external/cddl/osnet/dist/lib/libdtrace/common/dt_dof.c P src/external/cddl/osnet/dist/lib/libdtrace/common/dt_ident.c P src/external/cddl/osnet/dist/lib/libdtrace/common/dt_lex.l P src/external/cddl/osnet/dist/lib/libdtrace/common/dt_link.c P src/external/cddl/osnet/dist/lib/libdtrace/common/dt_list.h P src/external/cddl/osnet/dist/lib/libdtrace/common/dt_module.c P src/external/cddl/osnet/dist/lib/libdtrace/common/dt_open.c P src/external/cddl/osnet/dist/lib/libdtrace/common/dt_options.c P src/external/cddl/osnet/dist/lib/libdtrace/common/dt_parser.c P src/external/cddl/osnet/dist/lib/libdtrace/common/dt_pid.c P src/external/cddl/osnet/dist/lib/libdtrace/common/dt_pragma.c P src/external/cddl/osnet/dist/lib/libdtrace/common/dt_printf.c P src/external/cddl/osnet/dist/lib/libdtrace/common/dt_proc.c P src/external/cddl/osnet/dist/lib/libdtrace/common/dt_program.c P src/external/cddl/osnet/dist/lib/libdtrace/common/dt_subr.c P src/external/cddl/osnet/dist/lib/libdtrace/common/dt_work.c P src/external/cddl/osnet/dist/lib/libgen/common/gmatch.c P src/external/cddl/osnet/dist/tools/ctf/cvt/ctf.c P src/external/cddl/osnet/dist/tools/ctf/cvt/ctfmerge.c P src/external/cddl/osnet/dist/tools/ctf/cvt/ctftools.h P src/external/cddl/osnet/dist/tools/ctf/cvt/dwarf.c P src/external/cddl/osnet/dist/tools/ctf/cvt/st_parse.c P src/external/cddl/osnet/dist/tools/ctf/cvt/stabs.c P src/external/cddl/osnet/dist/tools/ctf/cvt/util.c P src/external/cddl/osnet/lib/libdtrace/Makefile P src/external/cddl/osnet/sys/sys/sysmacros.h P src/games/fortune/datfiles/fortunes-o.real P src/sys/arch/amd64/conf/GENERIC U src/sys/arch/arm/amlogic/amlogic_board.c U src/sys/arch/arm/amlogic/amlogic_com.c U src/sys/arch/arm/amlogic/amlogic_comreg.h U src/sys/arch/arm/amlogic/amlogic_intr.h U src/sys/arch/arm/amlogic/amlogic_io.c U src/sys/arch/arm/amlogic/amlogic_reg.h U src/sys/arch/arm/amlogic/amlogic_space.c U src/sys/arch/arm/amlogic/amlogic_var.h U src/sys/arch/arm/amlogic/files.amlogic P src/sys/arch/arm/conf/files.arm P src/sys/arch/arm/cortex/a9_mpsubr.S U src/sys/arch/evbarm/amlogic/amlogic_machdep.c U src/sys/arch/evbarm/amlogic/amlogic_start.S U src/sys/arch/evbarm/amlogic/genassym.cf U src/sys/arch/evbarm/amlogic/platform.h U src/sys/arch/evbarm/conf/ODROID-C1 U src/sys/arch/evbarm/conf/files.amlogic U src/sys/arch/evbarm/conf/mk.amlogic U src/sys/arch/evbarm/conf/std.amlogic P src/sys/arch/xen/x86/xen_ipi.c P src/sys/dev/ic/aic7xxx.c P src/sys/dev/ic/an.c P src/sys/dev/pci/files.pci U src/sys/dev/pci/if_iwm.c U src/sys/dev/pci/if_iwmreg.h U src/sys/dev/pci/if_iwmvar.h P src/sys/dev/sdmmc/sdmmc_mem.c P src/sys/fs/nfs/common/krpc_subr.c P src/sys/fs/nilfs/nilfs_vfsops.c P src/sys/fs/udf/udf_subr.c P src/sys/modules/lua/lua.c P src/sys/sys/callout.h P src/sys/ufs/chfs/chfs_scan.c P src/sys/ufs/chfs/ebh.c P src/usr.bin/kdump/Makefile.ioctl-c P src/usr.bin/netstat/Makefile P src/usr.bin/netstat/inet.c P src/usr.bin/netstat/inet6.c Updating xsrc tree: Killing core files: Running the SUP scanner: SUP Scan for current starting at Sun Feb 8 03:23:47 2015 SUP Scan for current completed at Sun Feb 8 03:24:41 2015 SUP Scan for mirror starting at Sun Feb 8 03:24:41 2015 SUP Scan for mirror completed at Sun Feb 8 03:42:36 2015 Updating file list: -rw-rw-r-- 1 srcmastr netbsd 49120656 Feb 8 03:59 ls-lRA.gz
