[NTLUG:Discuss] How does this happen?
Kelly Scroggins
kelly at cliffhanger.com
Thu Sep 30 17:26:39 CDT 1999
It's a good thing my box doesn't have the 2.2.x kernel.
kelly
MadHat wrote:
>
> Kelly Scroggins wrote:
> >
> > I found this in my /var/log/secure file today. I've never seen this
> > type of entry before.
> >
> > Anyone know how an attacker can make this happen?
> >
> > Sep 29 04:34:41 c55493-a in.telnetd[6471]: refused connect from unknown
> > Sep 29 04:34:41 c55493-a in.telnetd[6472]: warning: can't get client
> > address: Connection reset by
> > peer
> > Sep 29 04:34:41 c55493-a in.telnetd[6472]: refused connect from unknown
> > Sep 29 04:34:41 c55493-a in.telnetd[6473]: warning: can't get client
> > address: Connection reset by
> > peer
>
> looks like a recent exploit on Linux...
>
> "Linux Kernel 2.2.x ISN Vulnerability
>
> ...
>
> A weakness within the TCP stack in Linux 2.2.x kernels has been
> discovered. The vulnerability makes it possible to "blind-spoof" TCP
> connections.
> It's therefore possible for an attacker to initiate a TCP connection
> from an arbitrary non existing or unresponding IP source address,
> exploiting IP address based access control mechanisms.
>
> Linux 2.0.x kernels were tested against this attack and found not to
> be vulnerable in any case.
>
> ..."
>
> It is fixed in 2.2.13pre13
> and there is a patch ..
>
> --
> MadHat
>
> _______________________________________________
> http://ntlug.org/mailman/listinfo/discuss
More information about the Discuss
mailing list