DOS attacks on linux computers - Security


  1. DOS attacks on linux computers

    There are some of us in an office who have been noticing lock-ups on
    our computers on a weekly basis. We are using linux as our desktop.

    We have snort monitoring traffic from our firewall. Snort is not
    showing anything targeting these computers. So my current conclusion
    is that some way, somehow, one of the internal computers is causing the
    denial of service.

    This started out sporadically over the last few weeks (1 per week out
    of 30), then in the last 24 hours 3 computers have had to be rebooted.
    They are usually just locked up and can't be accessed via ssh or gnome.
    When I have checked, I can ping the computer.

    Log /var/log/message doesn't seem to indicate anything is going on, it
    just stops whenever the computer locks up.

    I've thought there might be a bug somewhere in CentOS4 that is causing
    this, but haven't seen any postings indicating such. But we do have
    systems with the same distro version and they don't seem to be affected
    by this. I thought maybe it was something we were doing on the
    desktop, but when the file server started having problems also, I
    started wondering if maybe there was a problem another computer was
    causing.
    I am looking for a way to find why systems are hanging and if this is
    being caused by an attack on the linux boxes. Is there some cute way
    that a script kiddy could be DOS'ing our computers (What would be the
    most likely point of attack?). Is there some way to monitor this
    without DOS'ing ourselves?


  2. Re: DOS attacks on linux computers

    On Thu, 15 Jun 2006 06:03:42 -0700, jim_patterson wrote:

    > There are some of us in an office who have been noticing lock-ups on
    > our computers on a weekly basis. We are using linux as our desktop.
    >


    I would start out by eliminating the simplest possibilities first. Are
    all the machines running X? Does the problem persist if all the machines
    boot into character mode?

  3. Re: DOS attacks on linux computers

    jim_patterson@comcast.net (06-06-15 06:03:42):

    > I am looking for a way to find why systems are hanging and if this is
    > being caused by an attack on the linux boxes. Is there some cute way
    > that a script kiddy could be DOS'ing our computers (What would be the
    > most likely point of attack?). Is there some way to monitor this
    > without DOS'ing ourselves?


    First check the privileges. Does everybody have the privilege to
    contact every other computer in the network? What kind of access (NFS,
    FTP, SSH, ...) do your users have to the fileserver? If they cannot run
    code on the fileserver (e.g. using SSH), then this may be a network
    level problem. In that case, install a wiretap somewhere, running on
    another distribution than your current one (so it's not affected as
    well). If the computer behind the wiretap locks up, then check the
    packet log of the wiretap immediately to find out what was causing
    this.

    All in all, this really sounds like a Linux bug. Two critical
    vulnerabilities have been fixed in the kernel recently (in terms of a
    few months), one of them being remotely, the other one locally
    exploitable. If your distribution uses old Linux versions, upgrade now.
    If it doesn't upgrade to at least 2.4.32 or 2.6.14.6, then it looks like
    you're going to build one on your own.


    Regards,
    E.S.
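
Added example, not part of the original thread: the post above says to check the wiretap's packet log when a machine locks up, and the original poster notes that the syslog "just stops" at that moment, so the last log entry before an unclean boot gives the time window to look at in the capture. The marker strings (`kernel: Linux version` as the first kernel line of a boot, `exiting on signal` as syslogd's clean-shutdown line), the function names and the sample lines are assumptions constructed for this sketch.

```python
from datetime import datetime

BOOT_MARK = "kernel: Linux version"   # assumption: logged once at every boot
CLEAN_MARK = "exiting on signal"      # assumption: syslogd's orderly-shutdown line

def parse_ts(line, year):
    # Classic syslog stamps ("Jun 15 06:03:42") carry no year; the caller supplies it.
    return datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S")

def find_unclean_boots(lines, year):
    """Return (last_log_time, boot_time) for every boot not preceded by a clean shutdown."""
    hangs, last_ts, clean = [], None, False
    for line in lines:
        try:
            ts = parse_ts(line, year)
        except ValueError:
            continue  # continuation or malformed line: no usable timestamp
        if BOOT_MARK in line:
            # A boot with earlier log entries but no shutdown marker means the
            # machine hung or lost power; last_ts is when the log went silent.
            if last_ts is not None and not clean:
                hangs.append((last_ts, ts))
            clean = False
        elif CLEAN_MARK in line:
            clean = True
        last_ts = ts
    return hangs

# Constructed sample: one orderly reboot, then a hang overnight on 14 June.
SAMPLE = """\
Jun 13 09:10:01 ws12 crond[2101]: (root) CMD (run-parts /etc/cron.hourly)
Jun 13 17:45:10 ws12 shutdown: shutting down for system reboot
Jun 13 17:45:14 ws12 exiting on signal 15
Jun 13 17:47:02 ws12 kernel: Linux version X.Y.Z (constructed sample)
Jun 14 22:01:01 ws12 crond[1988]: (root) CMD (run-parts /etc/cron.hourly)
Jun 15 08:31:40 ws12 kernel: Linux version X.Y.Z (constructed sample)
""".splitlines()

if __name__ == "__main__":
    for last_seen, booted in find_unclean_boots(SAMPLE, 2006):
        print(f"log silent after {last_seen}, rebooted {booted} "
              f"(gap {booted - last_seen}); read the capture from just before {last_seen}")
```

Running this over the logs of each affected host and comparing the silent-after times shows whether the lock-ups coincide, which is what a network-level cause would predict.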

  4. Re: DOS attacks on linux computers

    On Thu, 15 Jun 2006 06:03:42 -0700, jim_patterson wrote:

    > There are some of us in an office who have been noticing lock-ups on our
    > computers on a weekly basis. We are using linux as our desktop.


    Have you thought of overheating processors as a possible cause? When was
    the last time these cases were blown out?

  5. Re: DOS attacks on linux computers


    jim_patterson@comcast.net wrote:
    > There are some of us in an office who have been noticing lock-ups on
    > our computers on a weekly basis. We are using linux as our desktop.
    >
    > We have snort monitoring traffic from our firewall. Snort is not
    > showing anything targeting these computers. So my current conclusion
    > is that some way, somehow, one of the internal computers is causing the
    > denial of service.
    >
    > This started out sporadically over the last few weeks (1 per week out
    > of 30), then in the last 24 hours 3 computers have had to be rebooted.
    > They are usually just locked up and can't be accessed via ssh or gnome.
    > When I have checked, I can ping the computer.
    >
    > Log /var/log/message doesn't seem to indicate anything is going on, it
    > just stops whenever the computer locks up.
    >
    > I've thought there might be a bug somewhere in CentOS4 that is causing
    > this, but haven't seen any postings indicating such. But we do have
    > systems with the same distro version and they don't seem to be affected
    > by this. I thought maybe it was something we were doing on the
    > desktop, but when the file server started having problems also, I
    > started wondering if maybe there was a problem another computer was
    > causing.
    > I am looking for a way to find why systems are hanging and if this is
    > being caused by an attack on the linux boxes. Is there some cute way
    > that a script kiddy could be DOS'ing our computers (What would be the
    > most likely point of attack?). Is there some way to monitor this
    > without DOS'ing ourselves?

    Systems which went down yesterday were:
    - One system which went down yesterday is strictly an smb server. This
      system has not gone down since it was brought up in Oct of last year.
    - The other two are smb server/clients and nfs clients and both are
      running vmware.

    Last month I had one server that hadn't gone down in 3 years go down
    once during 3 straight weeks. It has now been up for 2 straight weeks.

    Thanks for the replies. I have downloaded the latest stable kernel and
    changed my sysctl settings:

        echo 1 > /proc/sys/kernel/sysrq

        # /etc/sysctl.conf
        kernel.sysrq=1

    Hopefully I'll either fix the problem or find the problem.
    I am concerned that this setting will adversely affect performance, but
    I'll give it a shot for now.
    I currently do not have another system to use as a tap, so I'll have
    to wait on doing that. I'll also double check whether any of these
    systems are unnecessarily booting into X.


  6. Re: DOS attacks on linux computers

    Good point. One is currently in a HEPA environment, another I looked
    at and still appears to be clean (7 months in service). The other two,
    I should probably check. I'm a little superstitious about cleaning a
    computer. I have had them quit working after blowing them. I think I
    tilted the can on one occasion and got moisture on the system and on
    another something got loosened up. The latter eventually started
    working again.

    prodigal1 wrote:
    > On Thu, 15 Jun 2006 06:03:42 -0700, jim_patterson wrote:
    >
    > > There are some of us in an office who have been noticing lock-ups on our
    > > computers on a weekly basis. We are using linux as our desktop.

    >
    > Have you thought of overheating processors as a possible cause? When was
    > the last time these cases were blown out?



  7. Re: DOS attacks on linux computers

    On Thu, 15 Jun 2006 11:55:51 -0700, jim_patterson wrote:

    > Good point. One is currently in a HEPA environment, another I looked at
    > and still appears to be clean (7 months in service). The other two, I
    > should probably check. I'm a little superstitious about cleaning a
    > computer. I have had them quit working after blowing them. I think I
    > tilted the can on one occasion and got moisture on the system and on
    > another something got loosened up. The latter eventually started working
    > again.


    My technique is not for the faint of heart. I take the filthy beasts out
    onto my back porch, fire up my Toro electric leaf blower, and wail the
    living tar out of the insides of the box. Full blast! Watch those dust
    bunnies blow up real good. I have yet to wreck one yet. But I digress...
