[OpenAFS] Re: Attacks against AFS lead to crashing machines

Dr A V Le Blanc Dr A V Le Blanc <LeBlanc@mcc.ac.uk>
Thu, 6 Jun 2002 18:46:01 +0100


On Thu, 6 Jun 2002 at 14:32:31 +0200 (MEST),
 Wolfgang Friebel <Wolfgang.Friebel@cern.ch> wrote:
> CERN and other institutes are currently attacked from
> 130.237.48.109 (sul.e.kth.se)
> By scanning port 7001 and sending malicious packets the attacker
> was able to crash AFS servers.
> Reports have shown that at least Solaris 5.6 and 5.7 machines and AIX
> 4.3.3 machines are affected, but probably that are not the only platforms.

We had all three of our AFS fileservers crash; these are Silicon
Graphics machines running IRIX 6.5 and using OpenAFS 1.2.3 (and
now running OpenAFS 1.2.4).  The IP address mentioned does not
appear in any logs, but it may have escaped logging.

     -- Owen
     LeBlanc@mcc.ac.uk