[unisog] Attacks on AFS

Mitch Collinsworth mitch at ccmr.cornell.edu
Fri Jun 7 02:02:26 GMT 2002

Based on discussion on the openafs-info list, this is happening due
to a bug in some older versions of IBM AFS that's being tickled by
a program called afscrawler being run out of kth.se.  afscrawler is
apparently a statistics gathering tool intended to measure AFS usage
on the internet.  KTH folks are planning to present their findings
at the AFS Workshop at USENIX next week.  They tested their program
first on their own servers without incident and only learned today
that it was having undesired side effects on other servers.  See
the openafs-info list for further details.


On Thu, 6 Jun 2002, Anderson Johnston wrote:

> We've gotten a notice that AFS servers have been crashed at some sites by
> a scan of port 7001 followed by "malicious packets".  The attacking
> packets have source IP (sul.e.kth.se).
> Does anyone know anything about this?  Particularly about the nature of
> the "mailcious packet"?

More information about the unisog mailing list