Return to BSD News archive
Path: euryale.cc.adfa.oz.au!newshost.anu.edu.au!harbinger.cc.monash.edu.au!news.rmit.EDU.AU!news.unimelb.EDU.AU!munnari.OZ.AU!spool.mu.edu!howland.reston.ans.net!blackbush.xlink.net!scsing.switch.ch!ubnsrv.unisource.ch!news From: Robin Stephenson <robin@coretec.ch> Newsgroups: comp.unix.bsd.bsdi.misc Subject: denial of service: BSDI and the X Window system Date: 23 Jan 1996 20:50:55 +0100 Organization: Coretec GmbH Lines: 40 Sender: rss@babylon.coretec.ch Message-ID: <x791iy8zc0.fsf@babylon.coretec.ch> Reply-To: robin@coretec.ch NNTP-Posting-Host: babylon.coretec.ch X-Newsreader: Gnus v5.0.13 ---begin--- From cjs@netcom.com (cjs) Organization NETCOM On-line Communication Services (408 261-4700 guest) Date Mon, 22 Jan 1996 16:36:13 GMT Newsgroups alt.2600 Message-ID <cjsDLLCsD.Aq1@netcom.com> I just discovered a pretty fatal flaw in BSDI. When you run an X server on BSDI, it takes over the console and has sole posession of the screen and keyboard (can't hotkey out to another VC like you can in Linux). BSDI has some legacy code in it which will not allow a virtual console to act truely virtual -- and instead of scrolling the virtual console beneith the X server, it will accumulate 12K or so of output and any additional output (including that from syslog and anything that depends on it) will block, and the network functions will cease working not long after. This can be avoided by either not running X, reconfiguring syslog not to dump output to the screen, and/or running stty -flush periodicly. But most people don't know to do any of those things, and BSDI out of the box can easily be disabled using the above technique. I think the easiest way to produce console messages is either 1) talk bombing root, 2) packet bombing the machine with packets containing bogus CRCs, or 3) spraying the machine with random discontinous IP fragments. I'm many Unixes have simular behavior, and this is a nifty way to knock them off the net for a while. Christopher ---end--- I would be interested to know what is being done about this, and indeed, in knowing the `best' way of stopping this sort of attack. -- -- Robin Stephenson - send email with subject `send pgp key' for pgp key Pain Reliever