This is the mail archive of the
glibc-bugs@sourceware.org
mailing list for the glibc project.
[Bug libc/13630] New: Permanent CPU Hog During TCP Flood on Portmap and RPC.STATD
- From: "johzimme at cisco dot com" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sources dot redhat dot com
- Date: Fri, 27 Jan 2012 16:50:08 +0000
- Subject: [Bug libc/13630] New: Permanent CPU Hog During TCP Flood on Portmap and RPC.STATD
- Auto-submitted: auto-generated
http://sourceware.org/bugzilla/show_bug.cgi?id=13630
Bug #: 13630
Summary: Permanent CPU Hog During TCP Flood on Portmap and
RPC.STATD
Product: glibc
Version: unspecified
Status: NEW
Severity: normal
Priority: P2
Component: libc
AssignedTo: drepper.fsp@gmail.com
ReportedBy: johzimme@cisco.com
Classification: Unclassified
Iâm investigating a Permanent CPU DoS resulting from a TCP flood attack against
TCP ports bound to the Portmap and RPC.STATD services in Ubuntu 10.04. The
Ubuntu support team suggested to file a bug directly with glibc.
To reproduce, download the following tools from the internet and execute the
following commands:
1. arpspoof -i eth1 -t <ubuntu-ip-address> <source-spoof-ip-addr>
2. srvr -SAa -i eth1 <source-spoof-ip-addr> [srvr is part of the Naptha tool]
3. hping2 <ubuntu-ip-address> -p <port-number> -S -a <source-spoof-ip-addr> -i
u10000 âq
Note: The port-number above is 111 for portmap and you can find the the port
dynamically bound to rpc.statd via "netstat -lnup | grep rpc.statd"
Thanks,
John Zimmerman
--
Configure bugmail: http://sourceware.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.