Mailinglist Archive: opensuse-security (685 mails)

Re: [suse-security] ppptp Denial-Of-Service Attack
  • From: Boris Lorenz <bolo@xxxxxxx>
  • Date: Wed, 06 Feb 2002 17:30:08 +0100
  • Message-id: <3C615A10.9A970A4A@xxxxxxx>
Fuchs Josef wrote:
>
> Dear List!
>
> I use SuSE 7.3 with latest updates loaded.
>
> I've discovered a problem with MS-VPN (ppp).
> When some Win98 PCs connect to the VPN on the firewall, the firewall will
> stop (DOS) immediately. It's hanging fully so that I can only switch the
> power off. No reaction on Keyboard.
>
> This problem is specific to 2 PCs which are owned by a related company.
> When I try to connect to VPN with clean installed Win98 it's working
> fine.
>
> The problem is occurring EVERY time, when one of the 2 PCs tries to connect,
> and ONLY then.

Yeah, yeah... Windows...!

> I sent you some part of the system messages.
[...]
> kind regards
> Josef Fuchs
>
> ----snip----
[...]
> Feb 6 08:56:05 fwley squid[1843]: Squid Parent: child process 1844
> exited due to signal 11
> Feb 6 08:56:05 fwley kernel: Unable to handle kernel paging request at
> virtual address 240296ed
> Feb 6 08:56:05 fwley kernel: printing eip:
> Feb 6 08:56:05 fwley kernel: c012cc0a
> Feb 6 08:56:05 fwley kernel: *pde = 00000000
> Feb 6 08:56:05 fwley kernel: Oops: 0000
> Feb 6 08:56:05 fwley kernel: CPU: 0
> Feb 6 08:56:05 fwley kernel: EIP: 0010:[__free_pages+2/32]
> Feb 6 08:56:05 fwley kernel: EFLAGS: 00010246
> Feb 6 08:56:05 fwley kernel: eax: 240296d5 ebx: 00000000 ecx:
> 240296d5 edx: 00000000
> Feb 6 08:56:05 fwley kernel: esi: d36870a0 edi: d36870fc ebp:
> c411e698 esp: d2843e88
> Feb 6 08:56:05 fwley kernel: ds: 0018 es: 0018 ss: 0018
> Feb 6 08:56:05 fwley kernel: Process squid (pid: 1844,
> stackpage=d2843000)
> Feb 6 08:56:05 fwley kernel: Stack: c01f029d d36870a0 00000081 c01f02db
> d36870a0 d36870a0 c01f0441 d36870a0
> Feb 6 08:56:05 fwley kernel: d36870a0 00000000 c020ab53 d36870a0
> c029f520 00015554 d2843f80 d2843f80
> snip---------

What we have here is a Kernel oops. Your squid/ppptp did something
stupid and died, tearing the system down (which shouldn't happen too
often). How many users do you have? D'you have lots of traffic?

Unfortunately you didn't state your kernel (2.2? 2.4?)/squid/ppptpd
versions and your machine specs; also, it seems that there's an auth
problem with one of the Win98 boxes (notice the CHAP error in your log
excerpt).
