[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Wierd LOCAL DOS Attack which effects Slackware, OpenBSD 3.0 and SuSE Linux

Hi All:

    Last night ALL of my boxes, 1 ancient Slackware box, 1 OpenBSD
3.0 box and a SuSe box running KDM were crashed by a particularly
Malicious DOS attack. I was wondering if anyone else here has
experienced the same problem. I have attached the Dmesg for the
OpenBSD Box below.

All the boxes were at the login prompt exept for the SuSe Box which
had KDM up and running. When we awoke the screens of the Slackware 
box and the OpenBSD box were covered with random characters and
were unresponsive. The OpenBSD box would not even reboot with 
Control-Alt-Delete. (It has the sysctl entry for that type of
reboot), The slackware box did reboot on ctl-alt-del. The SuSe box
dropped OUT of KDM to a text based login prompt. When we went to login
it rebooted itself. 

ALL 3 boxes did fsck on reboot.

>From what i can gather, we have 2 new household members who held down
random keys without hitting enter on the keyboard, crashing all 3
boxes.  Perhaps "login" needs a patch to defeat this DOS. It should
not be possible for a person to crash the box by simply holding down
a key at the login prompt.

I have put up a webpage with pictures of the culprits, so that people
can avoid having them attack your computers. We are not pressing
charges, but we are going to keep them away from our computers.
Perhaps Theo has had a similar problem ?

The culprits are shown at http://www.surferz.net/~marina/kittenz.html.

                   Marina Brown

OpenBSD 3.0 (GENERIC) #94: Thu Oct 18 14:48:27 MDT 2001
cpu0: F00F bug workaround installed
cpu0: Intel Pentium (P54C) ("GenuineIntel" 586-class) 167 MHz
real mem  = 33140736 (32364K)
avail mem = 25440256 (24844K)
using 430 buffers containing 1761280 bytes (1720K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(ad) BIOS, date 01/05/96, BIOS32 rev. 0 @ 0xfb150
pcibios0 at bios0: rev. 2.1 @ 0xf0000/0xb668
pcibios0: PCI BIOS has 5 Interrupt Routing table entries
pcibios0: PCI Interrupt Router at 000:07:0 ("Intel 82371FB PCI-ISA" rev 0x00)
pcibios0: PCI bus #0 is the last bus
bios0: ROM list: 0xc0000/0x8000
pci0 at mainbus0 bus 0: configuration mode 1 (bios)
pchb0 at pci0 dev 0 function 0 "Intel 82437FX" rev 0x02
pcib0 at pci0 dev 7 function 0 "Intel 82371FB PCI-ISA" rev 0x02
pciide0 at pci0 dev 7 function 1 "Intel 82371FB IDE" rev 0x02: DMA, channel 0 wi
red to compatibility, channel 1 wired to compatibility
wd0 at pciide0 channel 0 drive 0: <Maxtor 71626 A>
wd0: 16-sector PIO, LBA, 1554MB, 3158 cyl, 16 head, 63 sec, 3184170 sectors
wd0(pciide0:0:0): using PIO mode 4, DMA mode 2
atapiscsi0 at pciide0 channel 1 drive 0
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0: <CREATIVE, CD620E, 1.01> SCSI0 5/cdrom removable
cd0(pciide0:1:0): using PIO mode 3
vga1 at pci0 dev 8 function 0 "S3 86C968-0 (Vision968)" rev 0x00
wsdisplay0 at vga1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
isa0 at pcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
ep0 at isa0 port 0x300/16 irq 10: address 00:60:8c:84:d4:54, utp/aui (default ut
pcppi0 at isa0 port 0x61
midi0 at pcppi0: <PC speaker>
sysbeep0 at pcppi0
lpt0 at isa0 port 0x378/4 irq 7
npx0 at isa0 port 0xf0/16: using exception 16
pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec
biomask c040 netmask c440 ttymask c4c2
pctr: 586-class performance counters and user-level cycle counter enabled
dkcsum: wd0 matched BIOS disk 80
root on wd0a
rootdev=0x0 rrootdev=0x300 rawdev=0x302

Visit your host, monkey.org