From: Marina Brown
Organization: STAR
To: misc@openbsd.org
Subject: Wierd LOCAL DOS Attack which effects Slackware, OpenBSD 3.0 and SuSE Linux
Date: Sat, 8 Dec 2001 19:24:48 -0500
X-Mailer: KMail [version 1.0.29.2]
Content-Type: text/plain
MIME-Version: 1.0
Message-Id: <01120820014702.02319@tamiru>
Content-Transfer-Encoding: quoted-printable
Status: RO
X-Status: S

Hi All:

Last night ALL of my boxes, 1 ancient Slackware box, 1 OpenBSD 3.0 box and a SuSE box running KDM, were crashed by a particularly Malicious DOS attack. I was wondering if anyone else here has experienced the same problem. I have attached the dmesg for the OpenBSD box below.

All the boxes were at the login prompt except for the SuSE box, which had KDM up and running. When we awoke, the screens of the Slackware box and the OpenBSD box were covered with random characters and were unresponsive. The OpenBSD box would not even reboot with Control-Alt-Delete. (It has the sysctl entry for that type of reboot.) The Slackware box did reboot on ctl-alt-del. The SuSE box dropped OUT of KDM to a text-based login prompt. When we went to log in, it rebooted itself. ALL 3 boxes did fsck on reboot.

From what I can gather, we have 2 new household members who held down random keys without hitting enter on the keyboard, crashing all 3 boxes.

Perhaps "login" needs a patch to defeat this DOS. It should not be possible for a person to crash the box by simply holding down a key at the login prompt.

I have put up a webpage with pictures of the culprits, so that people can avoid having them attack your computers. We are not pressing charges, but we are going to keep them away from our computers. Perhaps Theo has had a similar problem?

The culprits are shown at http://www.surferz.net/~marina/kittenz.html.

Marina Brown

-----------

OpenBSD 3.0 (GENERIC) #94: Thu Oct 18 14:48:27 MDT 2001
    deraadt@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: F00F bug workaround installed
cpu0: Intel Pentium (P54C) ("GenuineIntel" 586-class) 167 MHz
cpu0: FPU,V86,DE,PSE,TSC,MSR,MCE,CX8
real mem = 33140736 (32364K)
avail mem = 25440256 (24844K)
using 430 buffers containing 1761280 bytes (1720K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(ad) BIOS, date 01/05/96, BIOS32 rev. 0 @ 0xfb150
pcibios0 at bios0: rev. 2.1 @ 0xf0000/0xb668
pcibios0: PCI BIOS has 5 Interrupt Routing table entries
pcibios0: PCI Interrupt Router at 000:07:0 ("Intel 82371FB PCI-ISA" rev 0x00)
pcibios0: PCI bus #0 is the last bus
bios0: ROM list: 0xc0000/0x8000
pci0 at mainbus0 bus 0: configuration mode 1 (bios)
pchb0 at pci0 dev 0 function 0 "Intel 82437FX" rev 0x02
pcib0 at pci0 dev 7 function 0 "Intel 82371FB PCI-ISA" rev 0x02
pciide0 at pci0 dev 7 function 1 "Intel 82371FB IDE" rev 0x02: DMA, channel 0 wired to compatibility, channel 1 wired to compatibility
wd0 at pciide0 channel 0 drive 0:
wd0: 16-sector PIO, LBA, 1554MB, 3158 cyl, 16 head, 63 sec, 3184170 sectors
wd0(pciide0:0:0): using PIO mode 4, DMA mode 2
atapiscsi0 at pciide0 channel 1 drive 0
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0: SCSI0 5/cdrom removable
cd0(pciide0:1:0): using PIO mode 3
vga1 at pci0 dev 8 function 0 "S3 86C968-0 (Vision968)" rev 0x00
wsdisplay0 at vga1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
isa0 at pcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
ep0 at isa0 port 0x300/16 irq 10: address 00:60:8c:84:d4:54, utp/aui (default utp)
pcppi0 at isa0 port 0x61
midi0 at pcppi0:
sysbeep0 at pcppi0
lpt0 at isa0 port 0x378/4 irq 7
npx0 at isa0 port 0xf0/16: using exception 16
pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec
biomask c040 netmask c440 ttymask c4c2
pctr: 586-class performance counters and user-level cycle counter enabled
dkcsum: wd0 matched BIOS disk 80
root on wd0a
rootdev=0x0 rrootdev=0x300 rawdev=0x302