This is much worse than it seems.

First of all, a DoS attack could be very serious for
a large site, as you mentioned. But of course, most large sites today
are hosted on machines with no local servers.
In addition, this could cause loss of data (imagine your machine
freezing - yes, freezing, the bt post was not completely
accurate - in the middle of a huge db sweep).

BTW, no kidding, it's called a DoS attack? I never
heard of those *cough* :)

Nadav Har'El wrote:
> 
> On Fri, Dec 10, 1999, Omer wrote about "[Fwd: [BUGTRAQ] Big problem on 2.0.x?]":
> > This was posted to BugTraq today, and it seemed
> > important enough to pass on (even though if you are
> > a sysadmin and do not regularly read BT, you might
> > deserve what you get).
> >
> > It's what I'd call a HUGE problem, not
> > merely a big problem (unless of course you have
> > no local users). In any case, I'd chmod u-s /bin/ping
> > immediately, and be careful not to ping as root (if
> > you're not sure you're up to it, better make it
> > chmod 000 /bin/ping :)
> >..
> >
> 
> I think that under most setups this is not such a "HUGE" problem. This
> is indeed a big problem for a site with hundreds of curious shell users,
> which like to try out if this indeed reboots the machine (remember the
> Pentium lockup bug?). On machines used personally or as web servers, all
> this bug means is that if someone can break into a regular account on your
> server, then they reboot your machine, causing what is known as a DoS, a
> Denial-of-Service attack because they can repeatedly reboot your machine.
> DoS attacks can be a big problem for some sites (e-commerce sites, or fbi.gov)
> but much less so for most sites, or for your home PC.
> 
> A much scarier scenario, in my opinion, is that the intruder gains superuser
> access (through bugs and loopholes in your system), or even worse: if someone
> can break into your machine remotely, without even having to break into an
> account on your machine (e.g., by using a bug in your FTP server, perhaps).
> Both these types of attacks are common, are announced frequently on bugtraq,
> and I've personally seen them happen twice (most sysadmins simply are unaware
> that their machines have been broken into), and caught (in time) an attempt
> to break into my home Linux machine connected through PPP (!). Now these are
> HUGE problems.
> 
> --
> Nadav Har'El                        |        Friday, Dec 10 1999, 2 Tevet 5760
> [EMAIL PROTECTED]             |-----------------------------------------
> Phone: +972-53-245868, ICQ 13349191 |Cats know what we feel. They don't care,
> http://nadav.harel.org.il           |but they know.
> 

-- 
/---------------  Omer Efraim, [EMAIL PROTECTED] ------------------\
[   Microsoft Vaccine 2000 is configuring your immune system. This may  ]
[ take a few minutes. If your body stops responding for a long time and ]
[ there is no brain activity please die. Setup will continue after you  ]
[                            are reborn.                                ] 
\-----------------------------------------------------------------------/
 - Quoting Buzh, asr
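The mitigation Omer recommends above (drop the setuid bit from /bin/ping so an unprivileged user can no longer trigger the 2.0.x kernel bug through it) is easy to audit for. The script below is an added example, not code from either poster: it lists the setuid files under a directory and strips the bit from one of them. So that it runs without root, it works on a constructed sandbox directory with a fake "ping" and "ls" instead of the real /bin; the sandbox path and file names are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): find setuid binaries under a tree
# and remove the setuid bit from one of them, i.e. "chmod u-s /bin/ping".

# Print every regular file under $1 that has the setuid bit (mode 4000),
# one path per line, sorted so output is stable.
list_setuid() {
    find "$1" -type f -perm -4000 2>/dev/null | sort
}

# Report whether $1 currently carries the setuid bit: POSIX test -u.
setuid_state() {
    if [ -u "$1" ]; then
        echo setuid
    else
        echo clear
    fi
}

# Drop the setuid bit from $1 and print its state afterwards.
drop_setuid() {
    chmod u-s "$1"
    setuid_state "$1"
}

# Build a constructed sandbox standing in for /bin on a 2.0.x box:
# a setuid "ping" (mode 4755) and an ordinary "ls" (mode 0755).
# Nothing in here is executed; only the mode bits matter.
make_sandbox() {
    dir=$(mktemp -d)
    mkdir -p "$dir/bin"
    printf '#!/bin/sh\necho fake ping\n' > "$dir/bin/ping"
    printf '#!/bin/sh\necho fake ls\n' > "$dir/bin/ls"
    chmod 4755 "$dir/bin/ping"
    chmod 0755 "$dir/bin/ls"
    echo "$dir"
}

# Usage walkthrough on the sandbox (skipped when sourced by a test harness).
if [ "${AUDIT_DEMO:-1}" = 1 ] && [ -z "$AUDIT_NO_DEMO" ]; then
    SB=$(make_sandbox)
    echo "setuid files before:"; list_setuid "$SB"
    drop_setuid "$SB/bin/ping"
    echo "setuid files after:";  list_setuid "$SB"
    rm -rf "$SB"
fi
```

On a real system you would run `list_setuid /` as root and then `chmod u-s` the binaries you do not want unprivileged users to reach; remember that anything relying on ping's raw-socket privilege (ordinary users pinging hosts) stops working until the kernel is fixed, which is the trade-off Omer's "chmod 000" remark is pointing at.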

=================================================================
To unsubscribe, send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]
