Date: Tue, 7 May 2002 19:35:03 -0700 (PDT)
From: Jason Stone <jason@shalott.net>
To: Patrick Thomas <root@utility.clubscholarship.com>
Cc: <freebsd-security@freebsd.org>
Subject: Re: what does a syncookies attack look like ?
Message-ID: <20020507192651.T6630-100000@walter>
In-Reply-To: <20020507180602.T8475-100000@utility.clubscholarship.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> My system has the following behavior when it crashes: you can still
> ping the server, and you can still open connections on ports where
> services are running. However, no responses are given on those ports
> - for instance, if you ssh, and use the verbose option, you will see
> that the connection is established, but nothing more.

I used to see this behaviour quite frequently on systems that ran out of
processes or file descriptors - the daemons in question would still be
alive, but unable to fork a child to actually handle the request.

My solution was to run a system-monitoring daemon that would keep open a
log file and periodically write information about the total number of
processes, files, memory, etc in use on the system (which it would gather
without forking). After rebooting the system, I could then look at this
log to see what was going on.

You could also write a quick daemon that listened on a socket and, upon
receiving a connection, spit out the contents of the process table or
something. Again, it should not fork, and it should print meaningful
error messages if it can't open stuff in /proc, for example. Of course
giving away the contents of your process table might not be the best of
ideas, and even if you do, you should at least firewall it to known hosts.

What evidence do you have that you're being attacked? Is it possible
that something on the system has just been misconfigured or something and
is eating up all your resources?

 -Jason

 -----------------------------------------------------------------------
 I worry about my child and the Internet all the time, even though she's
 too young to have logged on yet. Here's what I worry about. I worry
 that 10 or 15 years from now, she will come to me and say "Daddy, where
 were you when they took freedom of the press away from the Internet?"
	-- Mike Godwin

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (FreeBSD)
Comment: See https://private.idealab.com/public/jason/jason.gpg

iD8DBQE82I7XswXMWWtptckRAryaAKC9Lqdsx59sTyEzeOb33se6pQOnbgCeMYsw
IcGmSTeqkBzFmnRVRQZjvSg=
=VCLg
-----END PGP SIGNATURE-----
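
The socket-listening daemon suggested in the message above, as an added sketch (not code from the original post): it answers each client inline without forking, reports a readable error when /proc cannot be opened, and only talks to known peers. The port number, the ALLOWED_PEERS set and a procfs mounted at /proc are assumptions of this example.

```python
import os
import socket
import time

ALLOWED_PEERS = {"127.0.0.1"}      # assumption: known hosts; firewall the port as well
LISTEN_ADDR = ("127.0.0.1", 7099)  # assumption: arbitrary port chosen for this sketch

def snapshot(proc_dir="/proc"):
    """Collect counters in-process: no fork(), no exec(), no shelling out to ps."""
    lines = ["time %d" % int(time.time())]
    try:
        pids = [name for name in os.listdir(proc_dir) if name.isdigit()]
        lines.append("processes %d" % len(pids))
    except OSError as exc:
        # Say why: a "Too many open files" here is itself the diagnosis.
        lines.append("error: cannot list %s: %s" % (proc_dir, exc.strerror))
    try:
        lines.append("loadavg %.2f %.2f %.2f" % os.getloadavg())
    except OSError as exc:
        lines.append("error: getloadavg failed: %s" % exc.strerror)
    return "\n".join(lines) + "\n"

def handle(conn, peer_ip, proc_dir="/proc"):
    """Answer one client inline, then close. Peers not on the list get nothing."""
    allowed = peer_ip in ALLOWED_PEERS
    try:
        conn.settimeout(5)  # a stalled client must not wedge the single thread
        if allowed:
            conn.sendall(snapshot(proc_dir).encode())
    finally:
        conn.close()
    return allowed

def serve():
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(LISTEN_ADDR)
    srv.listen(5)
    while True:
        try:
            conn, (peer_ip, _port) = srv.accept()
        except OSError:
            time.sleep(1)  # out of descriptors: back off, do not spin or exit
            continue
        try:
            handle(conn, peer_ip)
        except OSError:
            pass  # client went away mid-write; keep serving

if __name__ == "__main__":
    serve()
```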