[Dshield] unknown attack vs linux server

Jim McCullough jim.mccullough at gmail.com
Sun Oct 2 03:23:03 GMT 2005

I was posed with an interesting question earlier today and have not been
given access to the equipment. The owner of the company is not the most ....
um .... enlightened, yeah, enlightened on what NOT to do, i.e., not
broadcasting that the script kiddies and crackers can have their way and
they won't stop him (paraphrased). Kernel version is 2.6.10. The system
admin is about as helpful as a box of rocks. Attached is a copy of the
screenshot the sysadmin sent to the company owner. Anyone got a hint of an
idea of anything that can cause a TCP stack overflow on 2.6.10? The sys
admin was quoted as saying it was a "Ping of Death attack". No IDS logs or
packet captures to back up this information.

As far as distribution, all the sysadmin told the company owner was "it is
Linux", and left it at that. Too many things went wrong with this picture.
The company owner was told in less than polite terms that sometimes
discretion is the better part of valor.

Jim McCullough

lesson of the day -
"Don't go asking for trouble,
unless you're begging for an eventual butt whoopin"
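The post's complaint is that the "Ping of Death" claim comes with no packet captures or IDS logs to back it up. The following is an added example, not part of the original message or anything from the server in question: a small detector for the classic Ping of Death pattern, an IP fragment train whose reassembled datagram would exceed the 65535-byte limit of the IPv4 total-length field. It parses raw IPv4 headers, tracks the highest byte offset seen per reassembly key (src, dst, IP ID, protocol), and reports any train that crosses the limit. The packets it runs on are constructed inline (addresses from the 192.0.2.0/24 and 198.51.100.0/24 documentation ranges, zeroed checksums); the function and variable names are the example's own.

```python
"""Flag IPv4 fragment trains whose reassembled size exceeds 65535 bytes,
the classic Ping of Death pattern.

Added example: not from the original post. The fragments built below are
synthetic; nothing here came from a real capture."""
import socket
import struct
from collections import defaultdict

IPV4_MAX_LEN = 65535  # upper bound of the 16-bit IPv4 total-length field


def parse_ipv4_header(pkt: bytes) -> dict:
    """Extract the header fields needed to track fragment reassembly."""
    if len(pkt) < 20:
        raise ValueError("truncated IPv4 header")
    (ver_ihl, _tos, total_len, ident, flags_frag,
     _ttl, proto, _csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    if ver_ihl >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (ver_ihl & 0x0F) * 4
    return {
        "src": socket.inet_ntoa(src),
        "dst": socket.inet_ntoa(dst),
        "id": ident,
        "proto": proto,
        "more_fragments": bool(flags_frag & 0x2000),   # MF flag
        "offset": (flags_frag & 0x1FFF) * 8,           # fragment offset in bytes
        "payload_len": total_len - ihl,
    }


def find_oversized_datagrams(packets):
    """Return one alert per fragment train whose reassembled length would
    exceed 65535 bytes, as (src, dst, ip_id, proto, reassembled_len)."""
    high_water = defaultdict(int)  # reassembly key -> highest byte seen so far
    for pkt in packets:
        h = parse_ipv4_header(pkt)
        if not h["more_fragments"] and h["offset"] == 0:
            continue  # unfragmented datagram: bounded by total_len, cannot overflow
        key = (h["src"], h["dst"], h["id"], h["proto"])
        end = h["offset"] + h["payload_len"]
        high_water[key] = max(high_water[key], end)
    return [key + (end,) for key, end in high_water.items() if end > IPV4_MAX_LEN]


def build_fragment(src, dst, ident, offset, payload_len, more):
    """Constructed IPv4 fragment carrying protocol 1 (ICMP); checksum left zero."""
    assert offset % 8 == 0 and 20 + payload_len <= IPV4_MAX_LEN
    flags_frag = (0x2000 if more else 0) | (offset // 8)
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, ident,
                         flags_frag, 64, 1, 0,
                         socket.inet_aton(src), socket.inet_aton(dst))
    return header + b"\x00" * payload_len


def build_fragment_train(src, dst, ident, total_payload, mtu_payload=1480):
    """Split a datagram of total_payload bytes into fragments; last one has MF=0."""
    frags, offset = [], 0
    while offset < total_payload:
        chunk = min(mtu_payload, total_payload - offset)
        more = offset + chunk < total_payload
        frags.append(build_fragment(src, dst, ident, offset, chunk, more))
        offset += chunk
    return frags


# Constructed sample: a benign 4000-byte fragmented ping and an oversized
# 66000-byte train that a Ping of Death would produce on the wire.
SAMPLE_PACKETS = (
    build_fragment_train("192.0.2.10", "192.0.2.1", 0x1234, 4000)
    + build_fragment_train("198.51.100.7", "192.0.2.1", 0x4242, 66000)
)

if __name__ == "__main__":
    for src, dst, ident, proto, length in find_oversized_datagrams(SAMPLE_PACKETS):
        print(f"oversized datagram {src} -> {dst} id=0x{ident:04x} "
              f"proto={proto} reassembled={length} bytes")
```

To collect the evidence the post says was missing, capture fragments and ICMP on the affected host with something like `tcpdump -ni eth0 -w frags.pcap 'icmp or ip[6:2] & 0x3fff != 0'` (the mask selects packets with the MF bit set or a non-zero fragment offset), then feed the raw IPv4 payloads of the captured frames to `find_oversized_datagrams`. A clean result rules out this particular attack and pushes the investigation back toward the logs the sysadmin did not produce.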

