From owner-freebsd-questions Sun Sep 3 18:19:35 2000
Delivered-To: freebsd-questions@freebsd.org
Received: from wantadilla.lemis.com (wantadilla.lemis.com [192.109.197.80])
        by hub.freebsd.org (Postfix) with ESMTP id 5025437B422
        for ; Sun, 3 Sep 2000 18:19:29 -0700 (PDT)
Received: (from grog@localhost)
        by wantadilla.lemis.com (8.11.0/8.9.3) id e841JIO74461;
        Mon, 4 Sep 2000 10:49:18 +0930 (CST)
        (envelope-from grog)
Date: Mon, 4 Sep 2000 10:49:18 +0930
From: Greg Lehey
To: Mike Meyer
Cc: questions@FreeBSD.ORG
Subject: Self-initiated DOS? (was: signature?)
Message-ID: <20000904104918.B57161@wantadilla.lemis.com>
References: <25395295@toto.iv> <14770.39487.46522.546296@guru.mired.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0i
In-Reply-To: <14770.39487.46522.546296@guru.mired.org>; from mwm@mired.org on Sun, Sep 03, 2000 at 01:36:47PM -0500
Organization: LEMIS, PO Box 460, Echunga SA 5153, Australia
Phone: +61-8-8388-8286
Fax: +61-8-8388-8725
Mobile: +61-418-838-708
WWW-Home-Page: http://www.lemis.com/~grog
X-PGP-Fingerprint: 6B 7B C3 8C 61 CD 54 AF 13 24 52 F8 6D A4 95 EF
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Sunday, 3 September 2000 at 13:36:47 -0500, Mike Meyer wrote:
> groggy@iname.com writes:
>>> It's not port UDP 68, it's netbios-ns; it's Windows boxes that like to do a
>>> netbios nameserver lookup on whoever connects to them. MS assumed that
>>> anything connecting to them "must" be a windows box and tries to log the
>>> Netbios name of it.... these end up as mostly noise in firewall logs.
>>>
>>> I specifically disabled monitoring of UDP 137/138 in my own firewalls as the
>>> number of stupid IIS servers that kept trying to find out the netbios name
>>> of the squid proxies was filling the logs with useless information...
>> this sounds good to me :) i figured it was some IIS crap ...
>> i think my ISP recently replaced their SunOS and System V boxes
>> with IIS servers - i know they renamed all their boxes - and that's
>> when this problem started. it still bothers me that they have a right
>> to clutter my connection with so much useless garbage! i mean, it does
>> cause "stalls" on connections to my server since 10 seconds
>> of every minute my connection is jammed with this garbage ...
>> it would be a hassle to change providers for many reasons,
>> do i have any right to make them stop? :) i mean, it's
>> almost a DOS attack, isn't it? :)
>
> If you feel like it's a DOS (or some other form of) attack, then it
> is. Treat it as one - as correctly as possible. Don't assume that they
> are doing it on purpose, or even know that it's going on. Report it as
> an attack that may be coming from someone having broken into their
> systems, and ask them to deal with it.

It's difficult to say "I'm having a denial of service attack, and it's
coming from my machine" and be convincing.

Greg
--
When replying to this message, please copy the original recipients.
If you don't, I may ignore the reply.
For more information, see http://www.lemis.com/questions.html
Finger grog@lemis.com for PGP public key
See complete headers for address and phone numbers

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message