> What kernel version are you running, and do you have SYN Cookies enabled?
2.2.5
>only ftp is affected;
Sadly I'd have to say you are incorrect.
To spice up the attack.. try something like this..
kernel:~$ nmap 127.0.[0-255].[0-255] -sT
And what do you get? All services go bye-bye.
>I assume it will recover after some time.
Unfortunately, wrong again. I sat waiting for
my services to come around with no luck.
>so now we have not only disabled ssh.
>it got to scanning 127.0.5.* the load
>went right down to 10. and ssh was
>running again.
Very true, sshd seems to struggle but does
indeed come back up (although with much
difficulty.)
I've managed to code a little tool that "locks"
up sshd remotely rendering it useless.
(along with basically any other daemon
running on a Linux machine)
btw.. just out of interest's sake, I'm running
Slackware 4.0.0 with SYN cookies enabled
on a PII 350 and 128M RAM.
Please also take note I've tested this against
every version of Linux I can get my hands on
and it _does_ work on all distributions.
Anyone run this against any FreeBSD machines
etc..?
Regards
hotmetal of (src)
hotmetal_at_hack.co.za
( www.hack.co.za )
(e x p l o i t m a t r i x)
(world domination in progress)
Received on Jun 03 1999