[OpenAFS] Re: Attacks against AFS lead to crashing machines

Erwin Broschinski broschi@id.ethz.ch
Thu, 06 Jun 2002 21:43:37 +0200 (MEST) 

We could see a dozen servers (Solaris 2.6) rebooting for hours this morning!
Our AFS cell was blocked. This was a malicious attack and I cannot believe that
someone  from Usenix is officially responsible and will present this beside
free pizza and soda on the next AFS workshop.
The answer from KTH-IRT looks like a bad joke!

What's this 'afscrawler' anyhow? 

Erwin


On 06-Jun-2002 Gerhard Gonter wrote:
| According to Dr A V Le Blanc:
|> On Thu, 6 Jun 2002 at 14:32:31 +0200 (MEST),
|>  Wolfgang Friebel <Wolfgang.Friebel@cern.ch> wrote:
|> > CERN and other institutes are currently attacked from
|> > 130.237.48.109 (sul.e.kth.se)
|> > By scanning port 7001 and sending malicious packets the attacker
|> > was able to crash AFS servers.
|> > Reports have shown that at least Solaris 5.6 and 5.7 machines and AIX
|> > 4.3.3 machines are affected, but probably that are not the only
|> > platforms.
|> 
|> We had all three of our AFS fileservers crash; these are Silicon
|> Graphics machines running IRIX 6.5 and using OpenAFS 1.2.3 (and
|> now running OpenAFS 1.2.4).  The IP address mentioned does not
|> appear in any logs, but it may have escaped logging.
| 
| The IP address 130.237.48.109 was logged here by one of our AFS clients
| and I asked abuse@kth.se what this was about, here is their answer:
| 
| According to KTH-IRT:
|| This host is running afscrawler. The result from this scanning will be
|| presented here: http://www.usenix.org/events/usenix02/activities.html| 
| +gg
|  
| -- 
| Gerhard.Gonter@wu-wien.ac.at  Fax: +43/1/31336/702  g.gonter@ieee.org
| Zentrum fuer Informatikdienste, Wirtschaftsuniversitaet Wien, Austria
| _______________________________________________
| OpenAFS-info mailing list
| OpenAFS-info@openafs.org
| https://lists.openafs.org/mailman/listinfo/openafs-info


                                                         ''`'
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~O-O~~~~~~~
Erwin Broschinski               Tel:    +41 1 632 4281
Swiss Fed. Inst. of Technology  Fax:    +41 1 632 1225 
ETH Zentrum RZ/G8.1             E-Mail: broschi@id.ethz.ch
8092 Zurich                     PGP-key:  
Switzerland                     www.tik.ee.ethz.ch/~pgp/Search.html
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

"Ceterum censeo, 'Parvam Mollim' esse delendam."  (nach Cicero)