Re: FreeBSD and the Rose Attack / NewDawn

From: Mike Silbersack (silby_at_silby.com)
Date: 05/07/05

  • Next message: Kris Kennaway: "Re: SOLVED: Degraded TCP performace on Intel PRO/1000" 
    Date: Fri, 6 May 2005 18:56:01 -0500 (CDT)
To: gandalf@digital.net

    I'll take a look at it while I'm at BSDCan next week. From your website's
    description of the attack, I don't see why FreeBSD would be affected so
    greatly... we must be wasting a lot of time traversing linked lists / etc.

    Mike "Silby" Silbersack

    On Mon, 2 May 2005 gandalf@digital.net wrote:

    > Greetings and Salutations:
    >
    > I *just* got my FreeBSD setup stable and working witha KDE GUI. :-). I know, easy for you guys but this is the first time I have set up FreeBSD with automatic updates. I settled on FreeBSD 5.4 after many tries.
    >
    > I tried the Rose Attack / NewDawn against my laptop (it is a slow Pentium II 400 MHz Dell Inspiron 7000):
    > http://digital.net/~gandalf/Rose_Frag_Attack_Explained.htm
    >
    > Specifically:
    > ./NewDawn4 1 <IP Address> 0 5 9999 99999999 4000 2
    >
    > My machine locked up at pretty close to 100% when viewing the top command.
    >
    > I asked a fellow worker who had a PIII 733 MHz to take a look and he reported about 70% CPU increase.
    >
    > FYI. You might wish to take a look into this, IMHO this is a decent CPU DOS.
    >
    > Ken
    >
    > ------------------------------------------------------------------
    > Do not meddle in the affairs of wizards for they are subtle and
    > quick to anger.
    > Ken Hollis - Gandalf The White - gandalf@digital.net - O- TINLC
    > WWW Page - http://gandalf.home.digital.net/
    > Trace E-Mail forgery - http://gandalf.home.digital.net/spamfaq.html
    > Trolls crossposts - http://gandalf.home.digital.net/trollfaq.html
    >
    >
    > _______________________________________________
    > freebsd-net@freebsd.org mailing list
    > http://lists.freebsd.org/mailman/listinfo/freebsd-net
    > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
    >
    _______________________________________________
    freebsd-net@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-net
    To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"

  • Next message: Kris Kennaway: "Re: SOLVED: Degraded TCP performace on Intel PRO/1000"

    Relevant Pages

    • Silly crackers... NT is for kids...
      ... exploit on my FreeBSD web server as if it were an NT server... ... Now, this does absolutely nothing to my server, as it is a FreeBSD machine ... that it is one person orchestrating the whole attack in a pathetic attempt ... anyone know a place where I could get the binary and source code so that I ...
      (FreeBSD-Security)
    • Re: away
      ... I feel as Tarasov Alexey. ... I have made lots of work in FreeBSD threading work, this includes kernel ... the attack made to me is very harmful, I feel I can not recover from ...
      (freebsd-stable)
    • FreeBSD Security Advisory FreeBSD-SA-03:06.openssl
      ... FreeBSD includes software from the OpenSSL Project. ... an RSA timing attack, ...
      (Bugtraq)
    • [bsdcan-announce] BSDCan - less than four weeks! (fwd)
      ... The BSD Canada Conference (BSDCan) is just a few weeks away -- May 18-19 in Ottawa, ... This is a great opportunity to meet up with other FreeBSD developers and users, learn about exciting work taking place in FreeBSD, and it's also a chance to talk about your own work. ...
      (freebsd-stable)
    • Fw: Silly crackers... NT is for kids... - DOH!
      ... found that this is the CODE RED worm! ... > exploit on my FreeBSD web server as if it were an NT server... ... > that it is one person orchestrating the whole attack in a pathetic attempt ...
      (FreeBSD-Security)