David LeBlanc (dleblanc@MINDSPRING.COM)
Sun, 14 Dec 1997 00:13:29 -0500

At 03:48 PM 12/13/97 -0500, Jason Zapman II wrote:
>This is sunkill.c
>It affects at least Solaris 2.5.1 machines, both sun4c and sun4m
>architectures. I imagine it affects all Solaris 2.5.1 machines, both sparc
>and x86, but I'm not sure. It basically works by opening a telnet
>connection on the victim machine and sending a few bad telnet negotiation
>options, then flooding the port with lots of ^D characters. This uses all
>the streams memory (I think) on the victim's machine and causes the kernel
>to get very angry. The machine crawls to a halt, the cursor in X stops
>moving, the machine is unresponsive to the network. It's a bad situation
>all around.

In testing against Linux 2.0.29, it appears to cause the load average to
slowly rise. It has been running for a couple of minutes, and the host
seems to be tolerating it OK, but it does seem a little annoyed. Nothing
like what you report vs. Solaris. The Linux box shows no signs of
terminating the connection, though - IMHO, that is a bad thing.

How long does it have to run vs. Solaris to cause mayhem? Has anyone else
found any other OSes vulnerable?
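
A detection sketch for the traffic pattern discussed in this thread, added here as an example and not code from either poster: it separates telnet option negotiation from user data in a client-to-server byte stream and flags a long unbroken run of ^D bytes. The function names, thresholds and sample streams are assumptions made for illustration.

```python
# Added example (not from the thread); thresholds are assumed, not measured.
IAC, SB, SE = 255, 250, 240
OPTION_CMDS = (251, 252, 253, 254)  # WILL, WONT, DO, DONT
EOT = 0x04  # ^D

def split_telnet(stream: bytes):
    """Separate option negotiation from user data in one direction."""
    negotiations, data = [], bytearray()
    i, n = 0, len(stream)
    while i < n:
        if stream[i] != IAC:
            data.append(stream[i])
            i += 1
        elif i + 1 >= n:
            break  # capture ends in the middle of a command
        elif stream[i + 1] == IAC:
            data.append(IAC)  # IAC IAC is an escaped 0xFF data byte
            i += 2
        elif stream[i + 1] in OPTION_CMDS:
            if i + 2 >= n:
                break
            negotiations.append((stream[i + 1], stream[i + 2]))
            i += 3
        elif stream[i + 1] == SB:
            j = i + 2  # skip the subnegotiation body up to IAC SE
            while j + 1 < n and stream[j:j + 2] != bytes([IAC, SE]):
                j += 2 if stream[j] == IAC else 1
            if j + 1 >= n:
                break  # unterminated subnegotiation
            i = j + 2
        else:
            i += 2  # other two-byte commands (NOP, AYT, ...)
    return negotiations, bytes(data)

def longest_eot_run(data: bytes) -> int:
    best = run = 0
    for b in data:
        run = run + 1 if b == EOT else 0
        best = max(best, run)
    return best

def is_eot_flood(stream: bytes, max_run: int = 64, min_bytes: int = 256) -> bool:
    """True when the data channel carries a long unbroken run of ^D bytes."""
    _, data = split_telnet(stream)
    return len(data) >= min_bytes and longest_eot_run(data) >= max_run

# Constructed sample streams, not captures from any real host.
BENIGN = bytes([IAC, 253, 1]) + b"ls -l\r\n" * 50 + bytes([EOT])
FLOOD = bytes([IAC, 251, 24]) + bytes([EOT]) * 4096
```

A check like this on the server side also gives a point at which to close the connection, which is the behaviour the reply above found missing on the Linux host.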

