[unisog] Attacks on AFS

Kevin Rowland krowland at nd.edu
Fri Jun 7 02:59:48 GMT 2002


Check out the OpenAFS list archives for a thread that follows this. You
can find them here:

http://lists.openafs.org/pipermail/openafs-info/2002-June/thread.html

The short story is that some folks at the Royal Institute of Technology
(kth.se) have been scanning for AFS clients collecting statistics on AFS
usage. Results of these scans are apparently going to be presented at the
AFS Workshop at USENIX02.

I think it is still being determined which specific AFS calls actually
wreaked the havoc ;-), but I believe there was no malicious intent.


-- kevin

/------------------------------------------------------------------\
| Kevin Rowland                   Office of Information Technology |
| Sr. Systems Engineer            University of Notre Dame         |
|                                                                  |
| pgpKeyID: 0x83C89CCE                                             |
| fingerprint: 7750 F81A BBD9 8487 18DC  5312 154E FCBA 83C8 9CCE  |
| http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x83C89CCE     |
\------------------------------------------------------------------/

On Thu, 6 Jun 2002, Anderson Johnston wrote:

> 
> We've gotten a notice that AFS servers have been crashed at some sites by
> a scan of port 7001 followed by "malicious packets".  The attacking
> packets have source IP 130.237.48.109 (sul.e.kth.se).
> 
> Does anyone know anything about this?  Particularly about the nature of
> the "malicious packet"?
> 
> 						Thanks,
> 						- Andy Johnston
> 
> ------------------------------------------------------------------------------
> ** Andy Johnston (andy at umbc.edu)          *            pager: 410-678-8949  **
> ** Manager of IT Security                 * PGP key:(afj2002) 4096/8448B056 **
> ** Office of Information Technology, UMBC *   4A B4 96 64 D9 B6 EF E3 21 9A **
> ** 410-455-2583 (v)/410-455-1065 (f)      *   46 1A 37 11 F5 6C 84 48 B0 56 **
> ------------------------------------------------------------------------------
> 
> 
> 


