This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

[Bug libc/13630] New: Permanent CPU Hog During TCP Flood on Portmap and RPC.STATD


http://sourceware.org/bugzilla/show_bug.cgi?id=13630

             Bug #: 13630
           Summary: Permanent CPU Hog During TCP Flood on Portmap and
                    RPC.STATD
           Product: glibc
           Version: unspecified
            Status: NEW
          Severity: normal
          Priority: P2
         Component: libc
        AssignedTo: drepper.fsp@gmail.com
        ReportedBy: johzimme@cisco.com
    Classification: Unclassified


Iâm investigating a Permanent CPU DoS resulting from a TCP flood attack against
TCP ports bound to the Portmap and RPC.STATD services in Ubuntu 10.04. The
Ubuntu support team suggested to file a bug directly with glibc. 

To reproduce, download the following tools from the internet and execute the
following commands:
1. arpspoof -i eth1 -t <ubuntu-ip-address> <source-spoof-ip-addr>
2. srvr -SAa -i eth1 <source-spoof-ip-addr> [srvr is part of the Naptha tool]
3. hping2 <ubuntu-ip-address> -p <port-number> -S -a <source-spoof-ip-addr> -i
u10000 âq


Note: The port-number above is 111 for portmap and you can find the the port
dynamically bound to rpc.statd via "netstat -lnup | grep rpc.statd"

Thanks,
John Zimmerman

-- 
Configure bugmail: http://sourceware.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]