[OpenAFS] Re: Mystery AFS/Kerberos packet

Jeffrey Altman jaltman at columbia.edu
Fri Jan 23 09:47:53 EST 2004


What operating system is the client running on?
Is this a K4 request being produced from OpenAFS on Windows?

I have suspected that there is a threading problem in the OpenAFS for 
Windows
client which is overwriting buffers being written to the network but 
have been unable
to catch it reliably.   If you have a system which is consistently 
producing bad data
at a known point it would be good to see if we can trace it down.

Jeffrey Altman


John Hascall wrote:

>>6303373b766d61124537XXXXXXXX0000494153544154452e4544550067710e403f6166730000
>>
>  c . 7 ; v m a . E 7 u s e r . . I A S T A T E . E D U . g q . @ ? a f s . .
>
>
>>I'm not sure, but the tail bit of it looks like part of a krb4 initial
>>ticket request by "user" for "afs at IASTATE.EDU", with lifetime 5 hours
>>15 minutes, around 21 January 2004 (assuming little-endian).
>>
>
>Yes, I've been convinced that this is a valid V4 packet whose
>first two bytes (04 03) were somehow corrupted with 10 garbage
>bytes (63 03 37 3b 76 6d 61 12 45 37) and I went off on a wrong
>tangent upon seeing the 0x6X first byte).  At this point, I'm going
>to assume the user has either munged hardware or DLLs.
>
>It's really quite interesting to dump out rejected packets,
>you see some fascinating crap, here's another:
>
><04><03>__vmware_user__D2521F2GPKdgDby9P77qlo_w*glhuA3un*!sh!<00><00>IASTATE.EDU<00>^HN<0e>@?afs<00><00
>
>(a 53 character principal name is too long for k4)
>(curious how both of these invalid packets used '?', 5h15m, for the lifetime).
>
>
>John
>_______________________________________________
>OpenAFS-info mailing list
>OpenAFS-info at openafs.org
>https://lists.openafs.org/mailman/listinfo/openafs-info
>


More information about the Kerberos mailing list