[OpenAFS] Re: fileserver crash, potential DOS

Nathan Neulinger nneul@umr.edu
Sat, 31 Mar 2001 09:53:22 -0600

> > Since you're still getting hit from the offending client, why
> > not collect some network traffic from the offending client and suggest they
> > use that for their analysis?
> Yes, we did that yesterday.  Hopefully it will help.  However there was
> a response to this earlier on openafs-info from someone who claimed to
> have seen this before and saying it was caused by a client machine that
> changes its IP address.  We'll have to test that theory on Monday with
> one of our machines.  We haven't actually seen the remote machine change
> addresses since we've been logging activity, but that doesn't mean it
> didn't do it in the beginning.  Curiously enough the person who reported
> this being due to an address change said they switched their servers
> from AFS 3.6 2.5 to OpenAFS 1.0.3 and the problem went away.  I guess
> it's time to seriously consider making that move here.

FYI - ethereal (www.ethereal.com) has fairly extensive decoding support
for AFS traffic. If there's anything afs that it doesn't decode that you
need, let me know and I'll try to get it added. There's alot left for it
to decode, just adding it as I feel like working on it.

-- Nathan

Nathan Neulinger                       EMail:  nneul@umr.edu
University of Missouri - Rolla         Phone: (573) 341-4841
CIS - Systems Programming                Fax: (573) 341-4216