[OpenAFS] windows issues
Scott D. Williams
sdw@email.unc.edu
Wed, 09 Oct 2002 09:34:08 -0400

Hi David,

Here at UNC we determined that "random" afsd_service.exe crashes (OpenAFS
1.2.6) were due to a dramatic increase in attacks on Microsoft
Networking/NetBIOS ports (137, 138, 139). More specifically, it is believed
these probes/attacks originate from remote hosts infected with the
'onaServ' worm.

The attacker(s) were attempting to mount the 'C' drive of the OpenAFS
Windows client's loopback SMB server. This request gets flagged as a
bad/malformed packet and often (but not always) causes the service to crash
or misbehave. Exactly why the error handling varies among "identical"
systems has not yet been addressed.

These ports have been closed at the campus Internet router and this problem
has disappeared.

--Scott

> Date: Thu, 03 Oct 2002 12:01:05 -0700 (MST)
> From: David Bear <David.Bear@asu.edu>
> To: openafs-info@openafs.org
> Subject: [OpenAFS] windows issues
>
>
> strange happenings with win2k and openafs 1.2.2b.
>
> Worked fine yesterday.
>
> today, try to get tokens.. always fails.
>
> Then from cmd window issue:
>
> net stop "IBM AFS Client"
> net start "IBM AFS Client"
>
> stops and starts successfully. Then klog ..
>
> works!!! Why?
>
> --
> David Bear
> College of Public Programs/ASU
> 480-965-8257
> ...the way is like water, going where nobody wants it to go