Attacks bringing my system down!

Post by Justin Smit » Fri, 17 Sep 1999 04:00:00



I've posted to this group before about how my Redhat 6.0 system
goes down every few days with dire error messages (like "Aiee ! system panic...").
I ran diagnostics on my machine and it passed all tests. At the same time,
our departmental Sun systems (Ultrasparc servers) slow down to a crawl --- and it
turned out that some hackers are attacking our systems with pings and
telnets (a packet sniffer disclosed that our high-speed network is
completely saturated by pings, ftp's and telnets from a few sources).

The question is: how do I prevent these attacks from crashing my Linux system?
(Disconnecting from the network is not an option...). They slow down Solaris
systems (during the attack itself) but don't kill them off. Our system administrator
said that the Linux kernel is full of race conditions that cause it to crash under these circumstances...

Is there some way to reconfigure my system to make it less vulnerable?

--
______________________________________________________________________
                                        |
Time blows wildly against my door       | Justin R. Smith
Stirring discarded sorrows              | Department of Mathematics and
Like dead leaves of summers past        |     Computer Science
Memories of forgotten lore              | Drexel University
Making way for new tomorrows            | Philadelphia, PA 19104
New hopes, new fears,                   |
         and new ways that last         | Office: (215) 895-1847
                                        |
c Justin R. Smith, March 14, 1994       | Fax:    (215) 895-1582

My home page: http://www.mcs.drexel.edu/~jsmith


Attacks bringing my system down!

Post by YouDontKnowWh » Fri, 17 Sep 1999 04:00:00


Sounds like you need a firewall REAL BAD.  Also, have you looked into
/etc/hosts.allow and /etc/hosts.deny?  You can stop many of these
attacks at their very beginning by refusing connects from certain
hosts or domains.  The traffic will remain, but you could minimize the
effect of the Telnet and FTP attempts.

You might want to start by completely closing up your Linux server(s)
and then start opening them up a little bit at a time (see the
"Principle of Minimum Access" below).  Also, check out the following
two URLs:

1.  Setting up a firewall: http://rlz.ne.mediaone.net/linux/ .  This
is a really good site.  If you need help customizing the firewall
script, post a message here (under the same thread, please!) and I'll
try to help you out.

2.  Securing Linux: http://www.securityportal.com/lasg/ .  This is a
pretty good guide on security for Linux systems.  The author used to
have a PDF (Acrobat) version of the guide that you could download from
this site, but he appears to have given up on that (too much of a
hassle).  I have a fairly recent copy, which should help you get
going.

Good luck!

--
Principle of Minimum Access: "That which is not explicitly permitted
is denied."

ANNOUNCER: And now we return to our regularly scheduled, uncommonly
entertaining thread...



> I've posted to this group before about how my Redhat 6.0 system
> goes down every few days with dire error messages (like "Aiee ! system panic...").
> I ran diagnostics on my machine and it passed all tests. At the same time,
> our departmental Sun systems (Ultrasparc servers) slow down to a crawl --- and it
> turned out that some hackers are attacking our systems with pings and
> telnets (a packet sniffer disclosed that our high-speed network is
> completely saturated by pings, ftp's and telnets from a few sources).
>
> The question is: how do I prevent these attacks from crashing my Linux system?
> (Disconnecting from the network is not an option...). They slow down Solaris
> systems (during the attack itself) but don't kill them off. Our system administrator
> said that the Linux kernel is full of race conditions that cause it to
> crash under these circumstances...
>
> Is there some way to reconfigure my system to make it less vulnerable?

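As an added illustration of the hosts.allow / hosts.deny advice in the reply above (example code, not from the thread or from tcp_wrappers itself), here is a small Python model of the tcp_wrappers decision order with a default-deny hosts.deny, the "Principle of Minimum Access" in file form. The daemon names, the .example.edu domain, the 192.0.2.0/24 network and the 198.51.100.7 client are assumptions, and the matcher is simplified (no DNS lookups, netmasks or LOCAL).

```python
# Constructed sample files. Assumptions: the department's hosts live under
# .example.edu and in 192.0.2.0/24; 198.51.100.7 stands in for an outside source.
HOSTS_ALLOW = """
# Permit only what is needed; anything else falls through to hosts.deny.
sshd, in.telnetd : .example.edu, 192.0.2.
in.ftpd : 192.0.2.10 EXCEPT 192.0.2.99
"""
HOSTS_DENY = """
# Principle of Minimum Access: that which is not explicitly permitted is denied.
ALL : ALL
"""

def _split(field):
    """Split 'a, b EXCEPT c' into (include tokens, exclude tokens)."""
    inc, _, exc = field.partition(" EXCEPT ")
    return inc.replace(",", " ").split(), exc.replace(",", " ").split()

def _parse(text):
    """Return [(daemon_spec, client_spec), ...]; comments and options are ignored."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            daemons, clients = (f.strip() for f in line.split(":", 2)[:2])
            rules.append((_split(daemons), _split(clients)))
    return rules

def _token_matches(token, name):
    # Simplified matcher: no DNS lookups, netmasks or the LOCAL keyword.
    if token == "ALL":
        return True
    if token.startswith("."):   # domain suffix, e.g. .example.edu
        return name.endswith(token)
    if token.endswith("."):     # network prefix, e.g. 192.0.2.
        return name.startswith(token)
    return token == name

def _spec_matches(spec, name):
    inc, exc = spec
    return (any(_token_matches(t, name) for t in inc)
            and not any(_token_matches(t, name) for t in exc))

def access_allowed(daemon, client, allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    """A hosts.allow match grants; then a hosts.deny match refuses; otherwise
    access is granted, which is why an empty hosts.deny protects nothing."""
    def hit(text):
        return any(_spec_matches(d, daemon) and _spec_matches(c, client)
                   for d, c in _parse(text))
    return True if hit(allow) else not hit(deny)
```

Note that wrappers only refuse the connection after it arrives, so as the reply says the packet flood itself still reaches the box; a filter in front of the host is what reduces the traffic.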
