From owner-freebsd-security Sat May 22 10:28:45 1999 Delivered-To: freebsd-security@freebsd.org Received: from lariat.lariat.org (lariat.lariat.org [206.100.185.2]) by hub.freebsd.org (Postfix) with ESMTP id A38E414D93 for ; Sat, 22 May 1999 10:28:43 -0700 (PDT) (envelope-from brett@lariat.org) Received: from mustang.lariat.org (IDENT:ppp0.lariat.org@lariat.lariat.org [206.100.185.2]) by lariat.lariat.org (8.9.3/8.9.3) with ESMTP id LAA18375; Sat, 22 May 1999 11:28:38 -0600 (MDT) Message-Id: <4.2.0.37.19990522112658.0466ec90@localhost> X-Sender: brett@localhost X-Mailer: QUALCOMM Windows Eudora Pro Version 4.2.0.37 (Beta) Date: Sat, 22 May 1999 11:28:28 -0600 To: Matthew Dillon From: Brett Glass Subject: Re: Denial of service attack from "imagelock.com" Cc: security@FreeBSD.ORG In-Reply-To: <199905221714.KAA74179@apollo.backplane.com> References: <4.2.0.37.19990522105949.0465d4a0@localhost> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org At 10:14 AM 5/22/99 -0700, Matthew Dillon wrote: > If they are actually making TCP connections, then their IP address is > likely to be valid. This means you should be able to traceroute the > IP address to see what the last hop network is. You can then complain > to that network - I'd call up their NOC. The addresses were all over one Class C: 209.133.111/24. We've complained to ABOVE.NET, which seems to have control of that Class C. No response yet. --Brett Glass To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message