Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I'm having a problem. Some people think its funny to flood my screen with text while I'm on a linux box at school, but I'm getting sick of it to tell you the truth. I successfully blocked the WRITE command using "mesg n", which shuts off the ability to send/receive messages using the WRITE command. But now flooding is still possible with TALK, WALL, and ECHO (/dev/ttyxx). Can anyone help me derail these local text-based DoS attacks??? Thanks in advance...
Who is doing this? Just did a couple of tests and it seems that only a superuser can write to a tty if mesg is set to n. Is this person whos persecuting you running as root?
I have no idea how he is doing it...but I can tell you that I'm pretty sure he's not root. Is there any way to trace the attack? I can gain root on the box using the kmod/ptrace exploit and see everything that is happening. I know that he has created a service to DoS me everytime I logon to the system. It checks for my user name, then floods me. I can't stop it with CTRL-X/CTRL-Z either. Just keeps on coming. ;-( Even if he did have root, if I can gain root too, can I stop it in any way OTHER than killing the running process? Like some sort of prevention technique? Like, refusing to accept any output to TTY from anyone other than ME??? I am kinda frustrated. I know what I can do...I will exploit to root with ptrace and grab the file in his local directory (that does the DoS) and see what's going on. If I can;t understand it, I'll show it here. Let me know if you have any other suggestions...
If you can get root on the box the person whos doing this probably can too.
The first thing to try is just report the attacks to your sysadmin, if that doesnt work (did you already try it?) run ps aux -ww as another user and as yourself save the results to textfiles and diff the textfiles. That should give you a place to start looking for the script or whatever thats doing it.
First try working within the existing admin structure, no need to expose yourself to official reprisals except as a last resort.
We are doing this for fun to one up each other. The admins are dumb anyway. They always have nice default passwords on everything and never patch their machines. And I'm just trying to figure out how he is doing this with non-root priviledges. I will post his script here after I intercept it. Until then...hang tight and thanks for the info!!
"We are doing this for fun to one up each other. "
Well in that case, if your both abusing the system just for the fun of it, you deserve what your getting, dont be suprised if your "stupid" admins catch you both and revoke your login privs. Thats what I would do anyway. In addition, you shouldnt be on this forum asking for help to circumvent your schools computer security measures or the sysadmins authority. At first I thought you were an innocent victim of a prank, I see now that your as culpable as the person dosing you, you dont deserve help, you deserve at the very least, a spanking.
By the way, is that your real name at the bottom of your posts?
//moderator.note: khermans, LQ is not the board to ask for exploits or ask for help with exploiting vulnerable conditions in applications. Please visit another board with these type of questions. Thread closed.
If you, after having read and understood the rules you agreed to adhere to when you signed up, want to dispute my moderation actions, you're welcome to take it up with me by mail.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.