[OpenAFS] windows issues

Rodney M Dyer rmdyer@uncc.edu
Wed, 09 Oct 2002 11:26:47 -0400


Mr. Williams,

We've had the same issue here at UNC Charlotte.  We are running Transarc's 
AFS 3.6 v2.32 (Patch 4).  We are seeing random afsd_service.exe crashes on 
our Windows XP machines.  A couple of weeks ago we found extensive probing 
of NetBIOS ports from outside our campus gateway.  We disabled the NetBIOS 
at the gateway and the level of AFS crashes went way down.  We still have 
crashes however because we found other probing coming from compromised 
machines within our own network.

This is a bad thing.  We don't want to keep NetBIOS disabled at the router 
because we actually use Microsoft networking in some cases from the 
internet.  In other cases we run Samba servers for access to AFS filespace 
for people who don't use the AFS client.

Can anyone solve this problem with AFSd being unstable on Windows clients?

Help is appeciated.  Thanks,

Rodney

Rodney M. Dyer
PC Systems Programmer
College of Engineering Computing Services
University of North Carolina at Charlotte
Email rmdyer@uncc.edu
Phone (704)687-3518
Help Desk Line (704)687-3150
FAX (704)687-2352
Office  267 Smith Building

At 09:34 AM 10/9/2002 -0400, you wrote:
>Hi David,
>Here at UNC we determined that "random" afsd_service.exe crashes (OpenAFS 
>1.2.6) were due to a dramatic increase in attacks on Microsoft 
>Networking/NetBIOS ports (137, 138, 139). More specifically, it is 
>believed these probes/attacks originate from remote hosts infected with 
>the 'onaServ' worm.
>
>The attacker(s) were attempting to mount the 'C' drive of the OpenAFS 
>windows client's loopback SMB server. This request gets flagged as a 
>bad/malformed packet and often (but not always) causes the service to 
>crash or misbehave. Exactly why the error handling varies among 
>"identical" systems has not yet been addressed.
>
>These ports have been closed at the campus Internet router and this 
>problem has disappeared.
>
>--Scott
>
> > Date: Thu, 03 Oct 2002 12:01:05 -0700 (MST)
> > From: David Bear <David.Bear@asu.edu>
> > To: openafs-info@openafs.org
> > Subject: [OpenAFS] windows issues
> >
> >
> > strange happenings with win2k and openafs 1.2.2b.
> >
> > Worked fine yesterday.
> >
> > today, try to get tokens.. always fails.
> >
> > Then from cmd window issue:
> >
> > net stop "IBM AFS Client"
> > net start "IBM AFS Client"
> >
> > stops and starts successfully. Then klog ..
> >
> > works!!! Why?
> >
> > --
> > David Bear
> > College of Public Programs/ASU
> > 480-965-8257
> > ...the way is like water, going where nobody wants it to go
>
>_______________________________________________
>OpenAFS-info mailing list
>OpenAFS-info@openafs.org
>https://lists.openafs.org/mailman/listinfo/openafs-info