Alpha: SYN-cookie problem. routes disappear(?) (Fwd)

Michael Hasenstein (hasenstein@yahoo.com)
Thu, 11 Mar 1999 07:20:56 -0800 (PST)



forwarded message below.
Thought it was interesting enough.
Remark: after the attack there are lines like the following in messages:
Mar 8 00:10:55 tantalus sshd[242]: error: accept: No route to host

looks like the routes have vanished, but the interface is still active

attached is the kernel configuration, just in case

one additional output from messages not included in email below (111.111.111.111 and 'tantalus' inserted by me, don't know if the guy sending the email wants his host's IP/name in the public).

Mar 8 00:09:04 tantalus kernel: Warning: possible SYN flood from 195.186.5.114 on 111.111.111.111:80. Sending cookies.
Mar 8 00:10:05 tantalus kernel: Warning: possible SYN flood from 212.40.5.72 on 111.111.111.111:80. Sending cookies.
Mar 8 00:10:55 tantalus sshd[242]: error: accept: No route to host
Mar 8 00:11:40 tantalus sshd[242]: error: accept: No route to host
Mar 8 00:11:47 tantalus kernel: Warning: possible SYN flood from 194.148.13.250 on 111.111.111.111:80. Sending cookies.
Mar 8 00:12:25 tantalus sshd[242]: error: accept: No route to host
Mar 8 00:13:13 tantalus sshd[242]: error: accept: No route to host
----------------------------------------

Hi,

I am having strange problems with my Alphastation 500, now running kernel
2.2.3 (the problem turned up with kernel 2.0.35 and 2.2.2ac7). When the
machine gets attacked, the network interface (eth0) stops working. What
happens: I can ping my own eth0 from the console, but pinging the network
times out. Likewise, another host on the internet cannot ping my server.

The fact that this occurred with 2.2.2ac7 and 2.0.35 leads me to believe it
may not be a kernel problem. But what I found strange was the server was up
the whole day. syn_cookie support was in the kernel, but not enabled. At
about 22:00 CET I enabled that with
"echo 1 > /proc/sys/net/ipv4/tcp_syncookies" and a while later (about 20 min - 30 min)
the connection died on me (I was logged in with telnet) .. and after that
there was no more answer till I reset the server this morning.

The Server is Running :

Kernel 2.2.3 (was 2.2.2ac7 yesterday)
Apache 1.3.4 & PHP 3.07 & Ben-SSL 1.3.1
Sendmail 8.9.3

I compiled these programs with egcs 1.1.1

/var/log/messages shows :

Mar 10 22:54:38 tantalus kernel: possible SYN flooding on port 80. Sending
cookies.
Mar 10 22:55:39 tantalus kernel: possible SYN flooding on port 80. Sending
cookies.
Mar 10 22:56:39 tantalus kernel: possible SYN flooding on port 80. Sending
cookies.
Mar 10 22:57:39 tantalus kernel: possible SYN flooding on port 80. Sending
cookies.
<snip>
Mar 11 02:13:13 tantalus kernel: possible SYN flooding on port 80. Sending
cookies.

One other weird thing: named was not running .. and there were no hourly
stats in the log file ..
hmm wonder if that's got anything to do with it...

no other strange log messages ..

Update: I just had another telnet session open (this time 2.2.3) and the
network I/F died again :((
I booted the alpha about 1,5 hours ago ..
and again, in /var/log/messages

Mar 11 11:45:13 tantalus kernel: possible SYN flooding on port 80. Sending
cookies
<snip>
Mar 11 11:55:08 tantalus kernel: possible SYN flooding on port 80. Sending
cookies.

I will update BIND, inetd, and net-tools, but if that doesn't help .. I am clueless

and disable syn_cookie support . .(could it be buggy ?)

and boy are my customers unhappy

Regards
(someone)
==

--
Michael Hasenstein
http://www.csn.tu-chemnitz.de/~mha/
Private Pilot (ASEL) since 1998


My .config from kernel 2.2.3 and 2.2.2ac7

#
# Automatically generated by make menuconfig: don't edit
#

#
# Code maturity level options
#
CONFIG_EXPERIMENTAL=y

#
# Loadable module support
#
CONFIG_MODULES=y
# CONFIG_MODVERSIONS is not set
CONFIG_KMOD=y

#
# General setup
#
# CONFIG_ALPHA_GENERIC is not set
CONFIG_ALPHA_ALCOR=y
# CONFIG_ALPHA_XL is not set
# CONFIG_ALPHA_BOOK1 is not set
# CONFIG_ALPHA_AVANTI is not set
# CONFIG_ALPHA_CABRIOLET is not set
# CONFIG_ALPHA_DP264 is not set
# CONFIG_ALPHA_EB164 is not set
# CONFIG_ALPHA_EB64P is not set
# CONFIG_ALPHA_EB66 is not set
# CONFIG_ALPHA_EB66P is not set
# CONFIG_ALPHA_JENSEN is not set
# CONFIG_ALPHA_LX164 is not set
# CONFIG_ALPHA_MIATA is not set
# CONFIG_ALPHA_MIKASA is not set
# CONFIG_ALPHA_NONAME is not set
# CONFIG_ALPHA_NORITAKE is not set
# CONFIG_ALPHA_PC164 is not set
# CONFIG_ALPHA_P2K is not set
# CONFIG_ALPHA_RAWHIDE is not set
# CONFIG_ALPHA_RUFFIAN is not set
# CONFIG_ALPHA_RX164 is not set
# CONFIG_ALPHA_SX164 is not set
# CONFIG_ALPHA_SABLE is not set
# CONFIG_ALPHA_TAKARA is not set
CONFIG_PCI=y
CONFIG_ALPHA_EV5=y
CONFIG_ALPHA_CIA=y
# CONFIG_ALPHA_SRM is not set
CONFIG_ALPHA_EISA=y
# CONFIG_SMP is not set
# CONFIG_PCI_QUIRKS is not set
CONFIG_PCI_OLD_PROC=y
CONFIG_NET=y
CONFIG_SYSVIPC=y
CONFIG_BSD_PROCESS_ACCT=y
CONFIG_SYSCTL=y
CONFIG_BINFMT_AOUT=y
CONFIG_BINFMT_ELF=y
CONFIG_BINFMT_MISC=y
# CONFIG_BINFMT_JAVA is not set
CONFIG_BINFMT_EM86=y
# CONFIG_PARPORT is not set

#
# Plug and Play support
#
# CONFIG_PNP is not set

#
# Block devices
#
CONFIG_BLK_DEV_FD=y
# CONFIG_BLK_DEV_IDE is not set
# CONFIG_BLK_DEV_HD_ONLY is not set
# CONFIG_BLK_DEV_LOOP is not set
# CONFIG_BLK_DEV_NBD is not set
CONFIG_BLK_DEV_MD=y
# CONFIG_MD_LINEAR is not set
CONFIG_MD_STRIPED=y
# CONFIG_MD_MIRRORING is not set
# CONFIG_MD_RAID5 is not set
# CONFIG_MD_BOOT is not set
# CONFIG_BLK_DEV_RAM is not set
# CONFIG_BLK_DEV_XD is not set
CONFIG_PARIDE_PARPORT=y
# CONFIG_PARIDE is not set
# CONFIG_BLK_DEV_HD is not set

#
# Networking options
#
CONFIG_PACKET=y
CONFIG_NETLINK=y
# CONFIG_RTNETLINK is not set
CONFIG_NETLINK_DEV=y
CONFIG_FIREWALL=y
# CONFIG_FILTER is not set
CONFIG_UNIX=y
CONFIG_INET=y
# CONFIG_IP_MULTICAST is not set
# CONFIG_IP_ADVANCED_ROUTER is not set
# CONFIG_IP_PNP is not set
CONFIG_IP_FIREWALL=y
CONFIG_IP_FIREWALL_NETLINK=y
CONFIG_NETLINK_DEV=y
# CONFIG_IP_ALWAYS_DEFRAG is not set
# CONFIG_IP_ROUTER is not set
# CONFIG_NET_IPIP is not set
# CONFIG_NET_IPGRE is not set
CONFIG_IP_ALIAS=y
CONFIG_SYN_COOKIES=y
# CONFIG_INET_RARP is not set
CONFIG_SKB_LARGE=y
# CONFIG_IPV6 is not set
# CONFIG_IPX is not set
# CONFIG_ATALK is not set
# CONFIG_X25 is not set
# CONFIG_LAPB is not set
# CONFIG_BRIDGE is not set
# CONFIG_LLC is not set
# CONFIG_ECONET is not set
# CONFIG_WAN_ROUTER is not set
# CONFIG_NET_FASTROUTE is not set
# CONFIG_NET_HW_FLOWCONTROL is not set
# CONFIG_CPU_IS_SLOW is not set

#
# QoS and/or fair queueing
#
# CONFIG_NET_SCHED is not set

#
# SCSI support
#
CONFIG_SCSI=y
CONFIG_BLK_DEV_SD=y
CONFIG_CHR_DEV_ST=y
CONFIG_BLK_DEV_SR=y
# CONFIG_BLK_DEV_SR_VENDOR is not set
# CONFIG_CHR_DEV_SG is not set
# CONFIG_SCSI_MULTI_LUN is not set
CONFIG_SCSI_CONSTANTS=y
# CONFIG_SCSI_LOGGING is not set

#
# SCSI low-level drivers
#
# CONFIG_SCSI_7000FASST is not set
# CONFIG_SCSI_ACARD is not set
# CONFIG_SCSI_AHA152X is not set
# CONFIG_SCSI_AHA1542 is not set
# CONFIG_SCSI_AHA1740 is not set
# CONFIG_SCSI_AIC7XXX is not set
# CONFIG_SCSI_ADVANSYS is not set
# CONFIG_SCSI_IN2000 is not set
# CONFIG_SCSI_AM53C974 is not set
# CONFIG_SCSI_MEGARAID is not set
# CONFIG_SCSI_BUSLOGIC is not set
# CONFIG_SCSI_DTC3280 is not set
# CONFIG_SCSI_EATA is not set
# CONFIG_SCSI_EATA_DMA is not set
# CONFIG_SCSI_EATA_PIO is not set
# CONFIG_SCSI_FUTURE_DOMAIN is not set
# CONFIG_SCSI_GDTH is not set
# CONFIG_SCSI_GENERIC_NCR5380 is not set
# CONFIG_SCSI_INITIO is not set
# CONFIG_SCSI_INIA100 is not set
# CONFIG_SCSI_NCR53C406A is not set
# CONFIG_SCSI_SYM53C416 is not set
# CONFIG_SCSI_NCR53C7xx is not set
# CONFIG_SCSI_NCR53C8XX is not set
# CONFIG_SCSI_PAS16 is not set
# CONFIG_SCSI_PCI2000 is not set
# CONFIG_SCSI_PCI2220I is not set
# CONFIG_SCSI_PSI240I is not set
# CONFIG_SCSI_QLOGIC_FAS is not set
CONFIG_SCSI_QLOGIC_ISP=y
# CONFIG_SCSI_QLOGIC_FC is not set
# CONFIG_SCSI_SEAGATE is not set
# CONFIG_SCSI_DC390T is not set
# CONFIG_SCSI_T128 is not set
# CONFIG_SCSI_U14_34F is not set
# CONFIG_SCSI_ULTRASTOR is not set
# CONFIG_SCSI_DEBUG is not set

#
# Network device support
#
CONFIG_NETDEVICES=y
# CONFIG_ARCNET is not set
# CONFIG_DUMMY is not set
# CONFIG_EQUALIZER is not set
# CONFIG_ETHERTAP is not set
CONFIG_NET_ETHERNET=y
# CONFIG_NET_VENDOR_3COM is not set
# CONFIG_LANCE is not set
# CONFIG_NET_VENDOR_SMC is not set
# CONFIG_NET_VENDOR_RACAL is not set
# CONFIG_RTL8139 is not set
# CONFIG_YELLOWFIN is not set
# CONFIG_ACENIC is not set
# CONFIG_NET_ISA is not set
CONFIG_NET_EISA=y
# CONFIG_PCNET32 is not set
# CONFIG_AC3200 is not set
# CONFIG_APRICOT is not set
# CONFIG_CS89x0 is not set
# CONFIG_DE4X5 is not set
CONFIG_DEC_ELCP=y
# CONFIG_DGRS is not set
# CONFIG_EEXPRESS_PRO100 is not set
# CONFIG_LNE390 is not set
# CONFIG_NE3210 is not set
# CONFIG_NE2K_PCI is not set
# CONFIG_TLAN is not set
# CONFIG_VIA_RHINE is not set
# CONFIG_ES3210 is not set
# CONFIG_EPIC100 is not set
# CONFIG_ZNET is not set
# CONFIG_NET_POCKET is not set
# CONFIG_FDDI is not set
# CONFIG_HIPPI is not set
# CONFIG_DLCI is not set
# CONFIG_PPP is not set
# CONFIG_SLIP is not set
# CONFIG_NET_RADIO is not set
# CONFIG_TR is not set
# CONFIG_SHAPER is not set
# CONFIG_HOSTESS_SV11 is not set
# CONFIG_COSA is not set
# CONFIG_RCPCI is not set

#
# Amateur Radio support
#
# CONFIG_HAMRADIO is not set

#
# ISDN subsystem
#
# CONFIG_ISDN is not set

#
# Old CD-ROM drivers (not SCSI, not IDE)
#
# CONFIG_CD_NO_IDESCSI is not set

#
# Character devices
#
CONFIG_VT=y
CONFIG_VT_CONSOLE=y
CONFIG_SERIAL=y
# CONFIG_SERIAL_CONSOLE is not set
# CONFIG_SERIAL_EXTENDED is not set
# CONFIG_SERIAL_NONSTANDARD is not set
CONFIG_UNIX98_PTYS=y
CONFIG_UNIX98_PTY_COUNT=256
CONFIG_MOUSE=y

#
# Mice
#
# CONFIG_ATIXL_BUSMOUSE is not set
# CONFIG_BUSMOUSE is not set
# CONFIG_MS_BUSMOUSE is not set
CONFIG_PSMOUSE=y
# CONFIG_82C710_MOUSE is not set
# CONFIG_PC110_PAD is not set
# CONFIG_QIC02_TAPE is not set
CONFIG_WATCHDOG=y

#
# Watchdog Cards
#
# CONFIG_WATCHDOG_NOWAYOUT is not set
# CONFIG_WDT is not set
CONFIG_SOFT_WATCHDOG=y
# CONFIG_PCWATCHDOG is not set
# CONFIG_ACQUIRE_WDT is not set
# CONFIG_NVRAM is not set
# CONFIG_RTC is not set

#
# Video For Linux
#
# CONFIG_VIDEO_DEV is not set

#
# Joystick support
#
# CONFIG_JOYSTICK is not set
# CONFIG_DTLK is not set

#
# Ftape, the floppy tape device driver
#
# CONFIG_FTAPE is not set

#
# Filesystems
#
CONFIG_QUOTA=y
# CONFIG_AUTOFS_FS is not set
# CONFIG_ADFS_FS is not set
# CONFIG_AFFS_FS is not set
# CONFIG_HFS_FS is not set
CONFIG_FAT_FS=y
CONFIG_MSDOS_FS=y
# CONFIG_UMSDOS_FS is not set
CONFIG_VFAT_FS=y
CONFIG_ISO9660_FS=y
CONFIG_JOLIET=y
# CONFIG_MINIX_FS is not set
# CONFIG_NTFS_FS is not set
# CONFIG_HPFS_FS is not set
CONFIG_PROC_FS=y
CONFIG_DEVPTS_FS=y
# CONFIG_QNX4FS_FS is not set
# CONFIG_ROMFS_FS is not set
CONFIG_EXT2_FS=y
# CONFIG_SYSV_FS is not set
# CONFIG_UFS_FS is not set

#
# Network File Systems
#
# CONFIG_CODA_FS is not set
# CONFIG_NFS_FS is not set
# CONFIG_NFSD is not set
# CONFIG_SUNRPC is not set
# CONFIG_LOCKD is not set
# CONFIG_SMB_FS is not set
# CONFIG_NCP_FS is not set

#
# Partition Types
#
# CONFIG_BSD_DISKLABEL is not set
# CONFIG_MAC_PARTITION is not set
# CONFIG_SMD_DISKLABEL is not set
# CONFIG_SOLARIS_X86_PARTITION is not set
# CONFIG_UNIXWARE_DISKLABEL is not set
CONFIG_NLS=y

#
# Native Language Support
#
# CONFIG_NLS_CODEPAGE_437 is not set
# CONFIG_NLS_CODEPAGE_737 is not set
# CONFIG_NLS_CODEPAGE_775 is not set
CONFIG_NLS_CODEPAGE_850=y
# CONFIG_NLS_CODEPAGE_852 is not set
# CONFIG_NLS_CODEPAGE_855 is not set
# CONFIG_NLS_CODEPAGE_857 is not set
# CONFIG_NLS_CODEPAGE_860 is not set
# CONFIG_NLS_CODEPAGE_861 is not set
# CONFIG_NLS_CODEPAGE_862 is not set
# CONFIG_NLS_CODEPAGE_863 is not set
# CONFIG_NLS_CODEPAGE_864 is not set
# CONFIG_NLS_CODEPAGE_865 is not set
# CONFIG_NLS_CODEPAGE_866 is not set
# CONFIG_NLS_CODEPAGE_869 is not set
# CONFIG_NLS_CODEPAGE_874 is not set
CONFIG_NLS_ISO8859_1=y
# CONFIG_NLS_ISO8859_2 is not set
# CONFIG_NLS_ISO8859_3 is not set
# CONFIG_NLS_ISO8859_4 is not set
# CONFIG_NLS_ISO8859_5 is not set
# CONFIG_NLS_ISO8859_6 is not set
# CONFIG_NLS_ISO8859_7 is not set
# CONFIG_NLS_ISO8859_8 is not set
# CONFIG_NLS_ISO8859_9 is not set
# CONFIG_NLS_ISO8859_15 is not set
# CONFIG_NLS_KOI8_R is not set

#
# Console drivers
#
CONFIG_VGA_CONSOLE=y
# CONFIG_FB is not set

#
# Sound
#
CONFIG_SOUND=y
# CONFIG_SOUND_ES1370 is not set
# CONFIG_SOUND_ES1371 is not set
# CONFIG_SOUND_SONICVIBES is not set
# CONFIG_SOUND_MSNDCLAS is not set
# CONFIG_SOUND_MSNDPIN is not set
CONFIG_SOUND_OSS=y
# CONFIG_SOUND_DMAP is not set
# CONFIG_SOUND_PAS is not set
# CONFIG_SOUND_SB is not set
CONFIG_SOUND_ADLIB=y
# CONFIG_SOUND_GUS is not set
# CONFIG_SOUND_MPU401 is not set
# CONFIG_SOUND_PSS is not set
CONFIG_SOUND_MSS=y
# CONFIG_SOUND_SPRO is not set
CONFIG_MSS_BASE=530
CONFIG_MSS_IRQ=11
CONFIG_MSS_DMA=3
CONFIG_MSS_DMA2=-1
# CONFIG_SOUND_SSCAPE is not set
# CONFIG_SOUND_TRIX is not set
# CONFIG_SOUND_MAD16 is not set
# CONFIG_SOUND_WAVEFRONT is not set
# CONFIG_SOUND_CS4232 is not set
# CONFIG_SOUND_OPL3SA2 is not set
# CONFIG_SOUND_MAUI is not set
# CONFIG_SOUND_SGALAXY is not set
# CONFIG_SOUND_AD1816 is not set
# CONFIG_SOUND_OPL3SA1 is not set
# CONFIG_SOUND_SOFTOSS is not set
# CONFIG_SOUND_YM3812 is not set
# CONFIG_SOUND_VMIDI is not set
# CONFIG_SOUND_UART6850 is not set

#
# Additional low level sound drivers
#
# CONFIG_LOWLEVEL_SOUND is not set

#
# Kernel hacking
#
CONFIG_MATHEMU=y
# CONFIG_MAGIC_SYSRQ is not set
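
Added example, not part of the original message or its attachment: a small triage script that lines up the kernel's SYN-cookie warnings with the sshd "accept: No route to host" errors, handling both warning formats quoted above. The function names, the 5-minute window and the year 1999 (syslog lines carry no year) are assumptions of this example.

```python
import re
from datetime import datetime, timedelta

# Log lines copied from the excerpts in this message (wrapped lines rejoined).
SAMPLE = """\
Mar 8 00:09:04 tantalus kernel: Warning: possible SYN flood from 195.186.5.114 on 111.111.111.111:80. Sending cookies.
Mar 8 00:10:05 tantalus kernel: Warning: possible SYN flood from 212.40.5.72 on 111.111.111.111:80. Sending cookies.
Mar 8 00:10:55 tantalus sshd[242]: error: accept: No route to host
Mar 8 00:11:40 tantalus sshd[242]: error: accept: No route to host
Mar 8 00:11:47 tantalus kernel: Warning: possible SYN flood from 194.148.13.250 on 111.111.111.111:80. Sending cookies.
Mar 8 00:12:25 tantalus sshd[242]: error: accept: No route to host
Mar 10 22:54:38 tantalus kernel: possible SYN flooding on port 80. Sending cookies.
Mar 10 22:55:39 tantalus kernel: possible SYN flooding on port 80. Sending cookies.
"""

HEAD = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ ([^:\[]+)(?:\[\d+\])?: (.*)$")
FLOOD = re.compile(r"possible SYN flood(?:ing on port (\d+)| from (\S+) on \S+:(\d+))")

def parse(text, year=1999):
    """Yield (timestamp, kind, detail); syslog omits the year, so it is passed in."""
    for line in text.splitlines():
        head = HEAD.match(line)
        if not head:
            continue
        when = datetime.strptime(f"{year} {head.group(1)}", "%Y %b %d %H:%M:%S")
        flood = FLOOD.search(head.group(3))
        if head.group(2) == "kernel" and flood:
            yield when, "flood", {"port": flood.group(1) or flood.group(3), "src": flood.group(2)}
        elif "accept: No route to host" in head.group(3):
            yield when, "accept_err", {"daemon": head.group(2)}

def correlate(text, window=timedelta(minutes=5)):
    """Count cookie warnings and list accept() failures that follow one within `window`."""
    report = {"floods": 0, "sources": set(), "ports": set(), "errors_after_flood": []}
    last_flood = None
    for when, kind, detail in sorted(parse(text), key=lambda e: e[0]):
        if kind == "flood":
            last_flood = when
            report["floods"] += 1
            report["ports"].add(detail["port"])
            if detail["src"]:
                report["sources"].add(detail["src"])
        elif last_flood and when - last_flood <= window:
            lag = int((when - last_flood).total_seconds())
            report["errors_after_flood"].append((when.isoformat(), detail["daemon"], lag))
    return report

if __name__ == "__main__":
    for key, value in correlate(SAMPLE).items():
        print(key, value)
```

The lag column only shows how closely the accept() failures trail a cookie warning; it does not by itself say whether the SYN-cookie code or something else took the interface down.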

