[OpenAFS] Re: Attacks against AFS lead to crashing machines

Gerhard Gonter gonter@buddy.wu-wien.ac.at
Thu, 6 Jun 2002 19:59:10 +0200 (MES)


According to Dr A V Le Blanc:
> On Thu, 6 Jun 2002 at 14:32:31 +0200 (MEST),
>  Wolfgang Friebel <Wolfgang.Friebel@cern.ch> wrote:
> > CERN and other institutes are currently being attacked from
> > 130.237.48.109 (sul.e.kth.se)
> > By scanning port 7001 and sending malicious packets the attacker
> > was able to crash AFS servers.
> > Reports have shown that at least Solaris 5.6 and 5.7 machines and AIX
> > 4.3.3 machines are affected, but those are probably not the only platforms.
> 
> We had all three of our AFS fileservers crash; these are Silicon
> Graphics machines running IRIX 6.5 and using OpenAFS 1.2.3 (and
> now running OpenAFS 1.2.4).  The IP address mentioned does not
> appear in any logs, but it may have escaped logging.

The IP address 130.237.48.109 was logged here by one of our AFS clients,
and I asked abuse@kth.se what this was about. Here is their answer:

According to KTH-IRT:
| This host is running afscrawler. The result from this scanning will be
| presented here: http://www.usenix.org/events/usenix02/activities.html

+gg
 
-- 
Gerhard.Gonter@wu-wien.ac.at  Fax: +43/1/31336/702  g.gonter@ieee.org
Zentrum fuer Informatikdienste, Wirtschaftsuniversitaet Wien, Austria