[OpenAFS] Re: Attacks against AFS lead to crashing machines

Derrick J Brashear shadow@dementia.org
Thu, 6 Jun 2002 16:03:54 -0400 (EDT)


I had nothing to do with this, but I will point out the following in the
interest of truth. You're welcome to tell me I'm wrong, but these are the
facts.

On Thu, 6 Jun 2002, Erwin Broschinski wrote:

> 
> We could see a dozen servers (Solaris 2.6) rebooting for hours this morning!
> Our AFS cell was blocked. This was a malicious attack and I cannot believe that

Your assertion that it was malicious does not make it so, unless somehow
you know the intent of the people doing it. Since I doubt your
omniscience, we'll move on. 

> someone from Usenix is officially responsible and will present this beside

No one from USENIX is officially responsible. Someone who is presenting a
paper at a USENIX conference did something. USENIX did not sanction or
authorize the work. 

> free pizza and soda on the next AFS workshop.
> The answer from KTH-IRT looks like a bad joke!
> 
> What's this 'afscrawler' anyhow? 

That I don't know yet; I know we're going to hear about it, and basically
no details beyond that. Based on what's involved, I'd guess something
that sends an RPC to machines and discovers if they're running an AFS
client, and if so, what cell they're in, the goal being to discover how
widespread AFS is. From the name, I might further guess that it uses the
equivalent of rxdebug on the fileserver to discover clients, and rxdebug
on clients to discover servers, and builds a tree, but that's even deeper
speculation.

Note the name is afscrawler, not afscrasher. The intent is clear from
where I'm sitting. Not really any different than if Google were to upgrade
their web crawler and inadvertently tickle a bug in the Netscape web
server. Asserting evilness where none was intended does not make it so,
regardless of what you might say.

-D