[15942] in Athena Bugs
Re: sun4 8.1.11: ping
daemon@ATHENA.MIT.EDU (Jonathon Weiss)
Wed May 13 23:26:51 1998
From: Jonathon Weiss <jweiss@MIT.EDU>
To: Elliot Schwartz <elliot@MIT.EDU>
Cc: Jonathon Weiss <jweiss@MIT.EDU>, bugs@MIT.EDU
In-Reply-To: Your message of "Thu, 23 Oct 1997 18:38:00 EDT."
<199710232238.SAA16643@vorlon.mit.edu>
Date: Wed, 13 May 1998 23:26:45 EDT
OK, everyone watch Jonathon dig old things out of his inbox...
> The execute bit was intentionally removed from ping on the
> dialups, because people were using compromised accounts to
> ping flood. We haven't figured out a permanent solution yet.
>
> If the solution to stop ping floods from dialups was to turn off access to
> ping, does this mean that the compromised accounts were not disabled until
> the user could change their password? If this is the case, I'd be worried
> about what else might be done with the account. If the compromised accounts
> were disabled, then shouldn't that solve the ping problem as well as help
> out the user?
Part of the problem is that it generally wasn't a single user account
that was compromised. This means that for each compromised account,
someone had to figure out which dialup was hosing the net and which
account on the machine was responsible. At the time it was much
easier to turn off ping (getting service restored to the rest of the
dialups was important, and this was a faster way to do it, and it
continued to work after all of the dialup maintainers logged out). Of
course, since then crackers have started bringing in their own network
flooding binaries, and we've gotten better at getting the relevant
accounts disabled. Also, as you may have noticed, ping was re-enabled
on the dialups quite a while ago, but without the flood option.
Jonathon