[2311] in linux-security and linux-alert archive


[linux-security] IPMASQ and lock-up of all terminals

daemon@ATHENA.MIT.EDU (MeriwetherDJ@nswccd.navy.mil)
Mon Feb 28 14:06:54 2000

From: MeriwetherDJ@nswccd.navy.mil
Message-ID: <27BC18174C3CD2118F6000A0C99E423E026A17BE@CRPHEX02.NAVSSES.NAVY.MIL>
To: linux-security@redhat.com
Date: Mon, 28 Feb 2000 09:55:50 -0500
MIME-Version: 1.0
Content-Type: text/plain
Resent-From: linux-security@redhat.com


[mod: This is the second time in a week that someone asks this
question: is it a new attack? It sure looks to me like "userland" has
completely locked up, but that the kernel is still working. As an
isolated case, my diagnosis is: You probably have a bad block in your
/bin/login program or something like that. When two people report this
in a week, it's starting to become unlikely that two people have a
hole in their /bin/login program at the same time.... -- REW]

I have a strange situation here that I don't know how to follow up on. I
have a box set up that is pretty much only to do ipchains for a couple of
computers behind it. This has occurred for me for both RH6.0 and now RH6.2
beta on an x86.

Symptoms:
All attempts to connect remotely receive a connection, but a login prompt
never comes up.
When I went to the console and turned on the monitor, I had the login
prompt, but written on to the screen was the message 
IPMASQ: Reverse ICMP: Checksum error from xxx.xxx.xxx.xxx
where the x's represent an IP address. The message was repeated four times (I
think).

I can type in a username and hit return, and then nothing happens and it
does not ask for password or anything.

When I pull up other TTYs (hitting Alt-F1), the messages are not there,
but when I type in a username, again, nothing happens and it never asks for
a password.

ipchains and forwarding continues to function (i.e. they are still connected
through that box), but everything else I can check appears to be locked up.
CTRL-ALT-DEL does nothing, and I have to do a hard reboot.

Is this an error in my IPCHAINS rules, or something else?  What other
information can I provide to help?

Thanks for any help you can give.
James Meriwether
