Old 09-30-2003, 02:25 PM   #1
khermans
Member
 
Registered: Sep 2001
Distribution: Ubuntu, Debian, Gentoo
Posts: 162

Rep: Reputation: 30
Blocking local TTY terminal text floods ???


I'm having a problem. Some people think it's funny to flood my screen with text while I'm on a Linux box at school, but I'm getting sick of it to tell you the truth. I successfully blocked the WRITE command using "mesg n", which shuts off the ability to send/receive messages using the WRITE command. But now flooding is still possible with TALK, WALL, and ECHO (/dev/ttyxx). Can anyone help me derail these local text-based DoS attacks??? Thanks in advance...

Kris Hermansen
 
Old 09-30-2003, 10:15 PM   #2
m0rl0ck
Member
 
Registered: Nov 2002
Distribution: A totally 133t distro :)
Posts: 358

Rep: Reputation: 31
Who is doing this? Just did a couple of tests and it seems that only a superuser can write to a tty if mesg is set to n. Is this person who's persecuting you running as root?
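
The behaviour tested in the post above can be checked from the permission bits: `mesg n` works by removing write permission on your terminal device for users other than the owner, so a non-root user can no longer open it for writing. The shell functions below are an added example, not part of the original post; the names `tty_write_exposure` and `tty_lockdown` are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): audit and tighten write access to a tty.

# tty_write_exposure PATH
# Prints owner-only, group-writable or world-writable, read from the mode
# string that `ls -ld` prints (e.g. crw--w---- for a tty after `mesg y`).
tty_write_exposure() {
    [ -e "$1" ] || return 2
    perms=$(ls -ld -- "$1" | cut -c1-10)
    group_w=$(printf '%s' "$perms" | cut -c6)   # group write position
    other_w=$(printf '%s' "$perms" | cut -c9)   # other write position
    if [ "$other_w" = "w" ]; then
        echo "world-writable"
    elif [ "$group_w" = "w" ]; then
        echo "group-writable"
    else
        echo "owner-only"
    fi
}

# tty_lockdown PATH
# Clears the group and other write bits, then reports the resulting exposure.
# Root can still write to the device regardless of these bits.
tty_lockdown() {
    chmod g-w,o-w -- "$1" || return 2
    tty_write_exposure "$1"
}

# When run from an interactive login, report on the current terminal.
if t=$(tty 2>/dev/null) && [ -c "$t" ]; then
    printf '%s: %s (owner %s)\n' "$t" "$(tty_write_exposure "$t")" \
        "$(ls -ld -- "$t" | awk '{print $3}')"
fi
```

If the report still says owner-only while text keeps arriving, the writer is either root or a process running under your own account.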
 
Old 09-30-2003, 10:43 PM   #3
khermans
Member
 
Registered: Sep 2001
Distribution: Ubuntu, Debian, Gentoo
Posts: 162

Original Poster
Rep: Reputation: 30
I have no idea how he is doing it...but I can tell you that I'm pretty sure he's not root. Is there any way to trace the attack? I can gain root on the box using the kmod/ptrace exploit and see everything that is happening. I know that he has created a service to DoS me every time I log on to the system. It checks for my user name, then floods me. I can't stop it with CTRL-X/CTRL-Z either. Just keeps on coming. ;-( Even if he did have root, if I can gain root too, can I stop it in any way OTHER than killing the running process? Like some sort of prevention technique? Like, refusing to accept any output to TTY from anyone other than ME??? I am kinda frustrated. I know what I can do...I will exploit to root with ptrace and grab the file in his local directory (that does the DoS) and see what's going on. If I can't understand it, I'll show it here. Let me know if you have any other suggestions...

Kris Hermansen
 
Old 09-30-2003, 10:59 PM   #4
m0rl0ck
Member
 
Registered: Nov 2002
Distribution: A totally 133t distro :)
Posts: 358

Rep: Reputation: 31
If you can get root on the box, the person who's doing this probably can too.
The first thing to try is just report the attacks to your sysadmin. If that doesn't work (did you already try it?), run ps aux -ww as another user and as yourself, save the results to text files and diff the text files. That should give you a place to start looking for the script or whatever that's doing it.
First try working within the existing admin structure, no need to expose yourself to official reprisals except as a last resort.
 
Old 09-30-2003, 11:10 PM   #5
khermans
Member
 
Registered: Sep 2001
Distribution: Ubuntu, Debian, Gentoo
Posts: 162

Original Poster
Rep: Reputation: 30
We are doing this for fun to one up each other. The admins are dumb anyway. They always have nice default passwords on everything and never patch their machines. And I'm just trying to figure out how he is doing this with non-root privileges. I will post his script here after I intercept it. Until then...hang tight and thanks for the info!!

Kris Hermansen
 
Old 09-30-2003, 11:25 PM   #6
m0rl0ck
Member
 
Registered: Nov 2002
Distribution: A totally 133t distro :)
Posts: 358

Rep: Reputation: 31
"We are doing this for fun to one up each other. "

Well, in that case, if you're both abusing the system just for the fun of it, you deserve what you're getting. Don't be surprised if your "stupid" admins catch you both and revoke your login privs. That's what I would do anyway. In addition, you shouldn't be on this forum asking for help to circumvent your school's computer security measures or the sysadmin's authority. At first I thought you were an innocent victim of a prank; I see now that you're as culpable as the person DoSing you. You don't deserve help, you deserve, at the very least, a spanking.
By the way, is that your real name at the bottom of your posts?
 
Old 10-01-2003, 03:30 AM   #7
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600
//moderator.note: khermans, LQ is not the board to ask for exploits or ask for help with exploiting vulnerable conditions in applications. Please visit another board with these types of questions. Thread closed.
If you, after having read and understood the rules you agreed to adhere to when you signed up, want to dispute my moderation actions, you're welcome to take it up with me by mail.
 
  

