[OpenAFS] Attacks against AFS lead to crashing machines

Hans-Werner Paulsen hans@MPA-Garching.MPG.DE
Fri, 7 Jun 2002 10:21:41 +0200


On Thu, Jun 06, 2002 at 11:21:54PM +0200, Jimmy Engelbrecht wrote:
> 
> Wolfgang Friebel <friebel@ifh.de> writes:
> 
> >  CERN and other institutes are currently attacked from
> >  130.237.48.109 (sul.e.kth.se)
> 
> We are very sorry if packets from our scanning program have caused you
> problems by triggering a bug in some AFS clients. We had no malicious
> intent by using a documented AFS call nor could we imagine that this
> would cause you so much grief. We tested our probing software on our
> own cell first and had - unfortunately for you - no crashes.

Which documentation did you use?

> The bug that caused the trouble is probably a memory leak that is fixed in
> the OpenAFS 1.2.x releases and has never existed in Arla. We do not know yet
> what IBM/Transarc versions are fixed or not.

We had system crashes on 5 of our AFS server machines, but they were
running OpenAFS-1.2.3 and AIX-4.3.3. Therefore it is  n o t  fixed
in OpenAFS 1.2.x.

-- 
Hans-Werner Paulsen		hans@MPA-Garching.MPG.DE
MPI für Astrophysik		Tel 089-30000-2602
Karl-Schwarzschild-Str. 1	Fax 089-30000-2235
D-85741 Garching