OSEC

From: Philip Stoev (philipSTOEV.ORG)
Date: Mon Apr 02 2001 - 02:05:49 CDT

    > > A DOS attack on a system which you have the ability to kill power to
    > > strikes me as a fairly minor problem. Being able to do this remotely
    >
    > I realize that. However, the original poster (Philip Stoev) was describing
    > what happens when fsck runs (during boot-up) and then gives you a root
    > shell.

    No, what I envisioned is a _remote_ attack, rather than a local one. I know
    that if you have local access you can kill the power, or use a hammer, or
    whatever.

    Also, what I am talking about is a DoS, not a root compromise. I know the
    root password is required for entering single-user mode due to fsck failure.

    Again, my idea was to make a machine inoperable while being a _remote_,
    _unprivileged_ user. Once you do it, if the admin can not easily reach it
    (if it is at a co-location or some other such place) and re-start it in
    multiple-user mode, there is going to be a problem.

    To repeat, my question is: Is there a tool, or can there be a tool that can
    create filesystem damage when being a remote, non-privileged user? Let's
    assume that you can not power down the machine at will, so the tool should
    be autonomous, that is, not relying on a shutdown or power-failure to do the
    exact damage (the tool just creating the hard drive activity required to
    make this damage more probable). Instead, the tool must create the damage
    itself, even if the machine is perfectly powered and not overloaded.

    It seems that my previous posts were unclear. I am talking about a remote,
    non-privileged DoS. No local console, no root access, no floppy access, no
    power-switch access, no hammer handy.

    Philip