[OpenAFS] Attacks against AFS lead to crashing machines
Hans-Werner Paulsen
hans@MPA-Garching.MPG.DE
Fri, 7 Jun 2002 10:21:41 +0200
On Thu, Jun 06, 2002 at 11:21:54PM +0200, Jimmy Engelbrecht wrote:
>
> Wolfgang Friebel <friebel@ifh.de> writes:
>
> > CERN and other institutes are currently attacked from
> > 130.237.48.109 (sul.e.kth.se)
>
> We are very sorry if packets from our scanning program have caused you
> problems by triggering a bug in some AFS clients. We had no malicious
> intent by using a documented AFS call nor could we imagine that this
> would cause you so much grief. We tested our probing software on our
> own cell first and had - unfortunately for you - no crashes.
Which documentation did you use?
> The bug that caused the trouble is probably a memory leak that is fixed in
> the OpenAFS 1.2.x releases and has never existed in Arla. We do not know yet
> what IBM/Transarc versions are fixed or not.
We had system crashes on 5 of our AFS server machines, but they were
running OpenAFS-1.2.3 and AIX-4.3.3. Therefore it is n o t fixed
in OpenAFS 1.2.x.
--
Hans-Werner Paulsen hans@MPA-Garching.MPG.DE
MPI für Astrophysik Tel 089-30000-2602
Karl-Schwarzschild-Str. 1 Fax 089-30000-2235
D-85741 Garching