Comment 3 for bug 901716

Thanks for the update, can you please provide instructions on how to do this?

-----Original Message-----
From: <email address hidden> [mailto:<email address hidden>] On Behalf Of Marc Deslauriers
Sent: Friday, January 27, 2012 8:51 AM
To: John Zimmerman (johzimme)
Subject: [Bug 901716] Re: Permanent CPU Hog During TCP Flood on Portmap andRPC.STATD

Please report this issue to the upstream eglibc project, and link the
resulting bug here. Thanks.

** Changed in: eglibc (Ubuntu)
       Status: New => Incomplete

--
You received this bug notification because you are subscribed to the bug
report.
https://bugs.launchpad.net/bugs/901716

Title:
  Permanent CPU Hog During TCP Flood on Portmap and RPC.STATD

Status in “eglibc” package in Ubuntu:
  Incomplete

Bug description:
  I’m investigating a Permanent CPU DoS resulting from a TCP flood
  attack against the TCP ports bound to the Portmap and RPC.STATD
  services in Ubuntu 10.04. I’ve found a similar issue on RedHat and it
  appears the vulnerability/bug is in glibc
  (https://bugzilla.redhat.com/show_bug.cgi?id=702300). However, I
  wasn't able to find a similar bug in Ubuntu. The cause may be
  different, but it appears similar.

  The glibc version installed on my Ubuntu 10.04 server is “libglib2.0-0
  2.24.1-0ubuntu1”.

  To reproduce, download the following tools from the internet and execute the following commands:
  1. arpspoof -i eth1 -t <ubuntu-ip-address> <source-spoof-ip-addr>
  2. srvr -SAa -i eth1 <source-spoof-ip-addr> [srvr is part of the Naptha tool]
  3. hping2 <ubuntu-ip-address> -p <port-number> -S -a <source-spoof-ip-addr> -i u10000 –q
      Note: portnumber is 111 for portmap and the port dynamically bound to rpc.statd (via netstat -lnup | grep rpc.statd)

  Thanks,
  John Zimmerman

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/eglibc/+bug/901716/+subscriptions