[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

MiNTnuke invented?



Hi everyone!

Well, we've all had a good laugh at the bug in Windows 95/NT which made it
possible to throw them off the net with a simple program, but it now
appears the MiNT-setup has a weak point as well..

For some time, a guy has been experimenting on me to find security
breaches (with my permission :) ). So far his warsoftware failed, but when
he did a simple portscan on me to look for new possibilities, I ran into
trouble. Suddenly my modem started transmitting like mad, the TX led kept
on glowing. I couldn't do anything on the net anymore. So I killed all
in.* processes (which were all from the portscan), but it didn't help.
Then I got thrown off IRC (connection timed out), and a netstat command
showed all ports were closed, still the transmitting went on. I killed the
complete inetd, but it didn't help. After I killed pppd and reconnected,
all was back to normal. 

The most likely cause seems to be the SLD (Serial Line Daemon), which is
confirmed by others who have oticed some instability in SLD as well,
although never as bad as this. It seems logical, because it went on after
all ports were closed, so it must be in or below the TCP/IP layers.

So probably sending a SIGHUP to SLD could have saved me, but I didn't
realise it at the time. And the annoying thing is, I haven't been able to
reconstruct the problem. I survived all portscans that were tried on me
after that. I do remember that a longer time ago, someone did a scan on me
and my computer kept on transmitting for a long time, but then it stopped. 
Also, while that happened, my own connections still worked, although slow. 
At the time I thought I was being pingflooded so I didn't give it any
notice. 

Anyway, it might be good to look into the stability of SLD, and it would
also be nice if we could work out what other circumstances cause a
portscan to succeed or fail as a "mintnuke". :) First thing to find out is
of course if sending SIGHUP to SLD will stop the problem. I'll keep on
trying to get in trouble again.. maybe others who aren't running a vital
server could experiment a little as well? :)) 

Maurits.

--


Change is inevitable, except from a vending machine.

          Maurits van de Kamp (maurits@bassment.demon.nl)

    _____    B A S S M E N T   P R O D U C T I O N S     _____
  /     /\\     >> http://www.bassment.demon.nl <<     /     /\\
 /     /=/ \     ________________________________     /     /=/ \
|      \/   |   / Black Currant                  \   |      \/   |
|   /\      |  |             bc@bassment.demon.nl |  |   /\      |
 \ /=/     /   |  Purple Trance                   |   \ /=/     /
  \\/____ /     \            pt@bassment.demon.nl/     \\/____ /
     \           \______________________________/        /
      \_____________\_/_\_/_\_/____\_/_\_/_\_/__________/