Subject: URGENT security help needed
To: None <port-mac68k@netbsd.org>
From: David A. Gatwood <dgatwood@gatwood.net>
List: port-mac68k
Date: 03/17/2002 20:45:43

I've just been informed that a critical server (running NetBSD-mac68k)
just got yanked off the net because it was flooding the heck out of the
network. The machine has been in use for over two years without blinking.
I suspect it's some sort of security vulnerability in the TCP stack
somewhere, as I remember vaguely reading about something similar in NetBSD
a while back. Unfortunately, I can't find jack on the 'net about it.

I don't have access to the machine currently. I'll do a post-mortem
tomorrow morning, but I doubt I'll find anything. It just doesn't seem
likely that anything outside the kernel on a Quadra 800 would be able to
saturate multiple T1 lines.... :-)

The machine is running a 1.4.1 vintage kernel. First thing I'm going to
do is fetch a current kernel just in case. Beyond that, any ideas,
thoughts, suggestions, etc.?

Any ideas?

David
---------------------------------------------------------------------
David A. Gatwood dgatwood@gatwood.net
Developer Docs Writer dgatwood@apple.com
Apple Computer dgatwood@mklinux.org
Check out my weekly web comic:
http://www.techmagazine.org