Date: Tue, 7 May 2002 10:51:37 -0700 (PDT) From: Patrick Thomas <root@utility.clubscholarship.com> To: <freebsd-hackers@freebsd.org> Cc: <Alan.Judge@eircom.net>, <dima@freebsd.org> Subject: syncookies exploit behavior Message-ID: <20020507104534.T63159-100000@utility.clubscholarship.com>
next in thread | raw e-mail | index | archive | help
Two questions regarding the syncookies issue - 1. What kind of crash is it ? I have an issue where my machine has no response at the console, and none of the services work (pop, imap, etc.) HOWEVER you can still ping it, and you can still initiate connections to services - they just dont talk or respond at all - and cron jobs no longer run. Someone suggested that it looks like my userland is frozen, but my kernel is still running. Is that the kind of crash you get when you encounter the syncookies problem ? 2. Is there any way to scour tcpdump on the _affected_ machine to see if syncookies was indeed your problem ? This is sort of two questions - first, will the machine be crashed so fast it won't have time to write tcpdump output to a file for the packet that caused the crash ? and second, if it is possible, what would that tcpdump output look like ? I suspect you can't scour tcpdump for it, since this problem can be caused by legitimate traffic. comments appreciated, PT To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020507104534.T63159-100000>