OpenBCM V1.13 (Linux)

Packet Radio Mailbox

HB9ON

I0OJJ  > SYSOP    09.05.26 14:07z 100 Lines 4381 Bytes #178 (0) @ WW
MID : 212-I0OJJ
Read: GUEST
Subj: TCP SYN data attacks
Path: HB9ON<DK0WUE<ZL2BAU<N2NOV<I0OJJ<I0OJJ
Sent: 260509/1402Z 212@I0OJJ.ITA.EU [Rome] $:212-I0OJJ

>From i0ojj%i0ojj.ita.eu@i0ojj.ampr.org Sat May  9 16:05:01 2026
Received: from i0ojj.ampr.org by i0ojj.ampr.org (JNOS2.0q.1) with SMTP
	id AA17059003 ; Sat, 09 May 2026 16:05:01 +0200
Message-Id: <212-I0OJJ@i0ojj.bbs>
>From: i0ojj@i0ojj.ita.eu
X-JNOS-User-Port: Telnet   (i0ojj @ 44.134.109.10)  -> Sending message

From: I0OJJ@I0OJJ.ITA.EU
To  : SYSOP@WW

SMTP mail received, may be 3rd party mail.
Headers:
From: I0OJJ@I0OJJ.ITA.EU
To:   SYSOP@WW

Hi all,

I don't know how many of you are experiencing cyber attacks
on your facilities; the one reported below is a combined
attack (AMONG OTHERS) on our kernel modules, such as:

May  9 13:35:00 i0ojj kernel: Modules linked in: slip slhc mkiss ax25
fuse tun ipip tunnel4 ip_tunnel nft_ct nf_conntrack nf_
and also the just reinstalled xfbbd PBBS.

The aim of the attacker is to saturate the Linux kernel/CPU and so
completely freeze the attacked host PC.

Finally, this morning I found a new kernel release which is
able to mitigate those Linux crashes... but our apps/tools remain
seriously compromised.


------------------------ATTACK REPORT-----------------------------
May  9 13:35:00 i0ojj kernel: ------------[ cut here ]------------
May  9 13:35:00 i0ojj kernel: refcount_t: saturated; leaking memory.
May  9 13:35:00 i0ojj kernel: WARNING: CPU: 2 PID: 1996 at
lib/refcount.c:22 refcount_warn_saturate+0x51/0x110
May  9 13:35:00 i0ojj kernel: Modules linked in: slip slhc mkiss ax25
fuse tun ipip tunnel4 ip_tunnel nft_ct nf_conntrack nf_
May  9 13:35:00 i0ojj kernel:  snd_timer rfkill_gpio i2c_algo_bit snd
pwm_lpss_platform pwm_lpss thermal fan fb_sys_fops sysc
May  9 13:35:00 i0ojj kernel: CPU: 2 PID: 1996 Comm: xfbbd Tainted: G
       W         5.15.205 #1
May  9 13:35:00 i0ojj kernel: Hardware name: To Be Filled By O.E.M. To
Be Filled By O.E.M./Q1900M, BIOS P2.00 12/20/2018
May  9 13:35:00 i0ojj kernel: RIP: 0010:refcount_warn_saturate+0x51/0x110
May  9 13:35:00 i0ojj kernel: Code: 84 bc 00 00 00 c3 cc cc cc cc 85
f6 74 46 80 3d 64 2c 76 01 00 75 ee 48 c7 c7 c8 ad ac 8c
May  9 13:35:00 i0ojj kernel: RSP: 0000:ffffd1ce0112bda8 EFLAGS: 00010286
May  9 13:35:00 i0ojj kernel: RAX: 0000000000000000 RBX:
ffff8f119b6763c0 RCX: 0000000000000000
May  9 13:35:00 i0ojj kernel: RDX: 0000000000000202 RSI:
00000000ffffdfff RDI: 00000000ffffffff
May  9 13:35:00 i0ojj kernel: RBP: ffffd1ce0112be28 R08:
0000000000000000 R09: ffffd1ce0112bbe0
May  9 13:35:00 i0ojj kernel: R10: ffffd1ce0112bbd8 R11:
ffffffff8cf3b528 R12: ffff8f119b6763c0
May  9 13:35:00 i0ojj kernel: R13: 0000000000000001 R14:
0000000000000000 R15: 0000000000000000
May  9 13:35:00 i0ojj kernel: FS:  0000000000000000(0000)
GS:ffff8f14b0100000(0063) knlGS:00000000f7f64880
May  9 13:35:00 i0ojj kernel: CS:  0010 DS: 002b ES: 002b CR0:
0000000080050033
May  9 13:35:00 i0ojj kernel: CR2: 00007f51fbacffe0 CR3:
000000015ae82000 CR4: 00000000001006e0
May  9 13:35:00 i0ojj kernel: Call Trace:
May  9 13:35:00 i0ojj kernel:  <TASK>
May  9 13:35:00 i0ojj kernel:  ax25_addr_ax25dev+0x74/0xb0 [ax25]
May  9 13:35:00 i0ojj kernel:  ax25_bind+0x1e7/0x210 [ax25]
May  9 13:35:00 i0ojj kernel:  __sys_bind+0xd7/0x100
May  9 13:35:00 i0ojj kernel:  ? __sys_setsockopt+0xea/0x1e0
May  9 13:35:00 i0ojj kernel:  __do_compat_sys_socketcall+0x275/0x350
May  9 13:35:00 i0ojj kernel:  ? fpregs_assert_state_consistent+0x22/0x50
May  9 13:35:00 i0ojj kernel:  do_int80_syscall_32+0x46/0x90
May  9 13:35:00 i0ojj kernel:  entry_INT80_compat+0xad/0xb2
May  9 13:35:00 i0ojj kernel: RIP: 0023:0xf7d1253c
May  9 13:35:00 i0ojj kernel: Code: 89 5c 24 1c bb 02 00 00 00 89 44
24 08 8b 44 24 2c 89 44 24 0c 8b 44 24 30 89 44 24 10 31
May  9 13:35:00 i0ojj kernel: RSP: 002b:00000000fff4c028 EFLAGS:
00000246 ORIG_RAX: 0000000000000066
May  9 13:35:00 i0ojj kernel: RAX: ffffffffffffffda RBX:
0000000000000002 RCX: 00000000fff4c030
May  9 13:35:00 i0ojj kernel: RDX: 00000000f7dc1000 RSI:
0000000000000048 RDI: 00000000081132b0
May  9 13:35:00 i0ojj kernel: RBP: 00000000096e7a20 R08:
0000000000000000 R09: 0000000000000000
May  9 13:35:00 i0ojj kernel: R10: 0000000000000000 R11:
0000000000000000 R12: 0000000000000000
May  9 13:35:00 i0ojj kernel: R13: 0000000000000000 R14:
0000000000000000 R15: 0000000000000000
May  9 13:35:00 i0ojj kernel:  </TASK>
May  9 13:35:00 i0ojj kernel: ---[ end trace c20cc342f59d3f63 ]---

--
73 and ciao, gustavo i0ojj
non multa, sed multum
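
An added triage example, not part of the original message: this Python code rejoins the mail-wrapped lines of a kernel WARNING report like the one above and extracts the reason line, the triggering process, and the reliable call-trace frames with their modules. The sample input is a constructed, shortened copy of the report, and the function names `unwrap` and `summarize` are hypothetical.

```python
import re

# Constructed sample: a shortened copy of the report above, mail-wrapped the same way.
SAMPLE = """\
May  9 13:35:00 i0ojj kernel: ------------[ cut here ]------------
May  9 13:35:00 i0ojj kernel: refcount_t: saturated; leaking memory.
May  9 13:35:00 i0ojj kernel: WARNING: CPU: 2 PID: 1996 at
lib/refcount.c:22 refcount_warn_saturate+0x51/0x110
May  9 13:35:00 i0ojj kernel: CPU: 2 PID: 1996 Comm: xfbbd Tainted: G
       W         5.15.205 #1
May  9 13:35:00 i0ojj kernel:  ax25_addr_ax25dev+0x74/0xb0 [ax25]
May  9 13:35:00 i0ojj kernel:  ax25_bind+0x1e7/0x210 [ax25]
May  9 13:35:00 i0ojj kernel:  __sys_bind+0xd7/0x100
May  9 13:35:00 i0ojj kernel:  ? __sys_setsockopt+0xea/0x1e0
May  9 13:35:00 i0ojj kernel: ---[ end trace c20cc342f59d3f63 ]---
"""

PREFIX = re.compile(r"^\w{3}\s+\d+ [\d:]{8} \S+ kernel: ?(.*)$")
# A stack frame: one leading space, optional "? ", symbol+offset/size, optional [module]
FRAME = re.compile(r"^ (\? )?([\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+(?: \[(\w+)\])?$")

def unwrap(text):
    """Rejoin wrapped continuation lines; return messages without the syslog prefix."""
    msgs = []
    for line in text.splitlines():
        m = PREFIX.match(line)
        if m:
            msgs.append(m.group(1))
        elif msgs and line.strip():
            msgs[-1] += " " + line.strip()
    return msgs

def summarize(text):
    """Return one dict per '[ cut here ]' ... '[ end trace' block; '?' frames are skipped."""
    reports, cur = [], None
    for msg in unwrap(text):
        if "[ cut here ]" in msg:
            cur = {"reason": None, "comm": None, "pid": None, "frames": []}
        elif cur is None:
            continue
        elif "[ end trace" in msg:
            reports.append(cur)
            cur = None
        elif cur["reason"] is None:
            cur["reason"] = msg
        elif (m := re.search(r"PID: (\d+) Comm: (\S+)", msg)):
            cur["pid"], cur["comm"] = int(m.group(1)), m.group(2)
        elif (m := FRAME.match(msg)) and not m.group(1):
            cur["frames"].append((m.group(2), m.group(3)))
    return reports
```

Frames marked `?` are stack leftovers the unwinder could not confirm, so the summary keeps only the unmarked ones.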



