From owner-freebsd-questions  Mon Jun 15 23:08:26 1998
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id XAA26579
          for freebsd-questions-outgoing; Mon, 15 Jun 1998 23:08:26 -0700 (PDT)
          (envelope-from owner-freebsd-questions@FreeBSD.ORG)
Received: from gilberto.physik.RWTH-Aachen.DE (gilberto.physik.rwth-aachen.de [137.226.30.2])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id XAA26550
          for <questions@freebsd.org>; Mon, 15 Jun 1998 23:08:19 -0700 (PDT)
          (envelope-from kuku@gilberto.physik.RWTH-Aachen.DE)
Received: (from kuku@localhost)
	by gilberto.physik.RWTH-Aachen.DE (8.8.8/8.8.7) id IAA02704;
	Tue, 16 Jun 1998 08:08:19 +0200 (MEST)
	(envelope-from kuku)
Message-ID: <19980616080818.08890@gil.physik.rwth-aachen.de>
Date: Tue, 16 Jun 1998 08:08:18 +0200
From: Christoph Kukulies <kuku@gilberto.physik.RWTH-Aachen.DE>
To: Michael Richards <miker@scifair.acadiau.ca>
Cc: Christoph Kukulies <kuku@gilberto.physik.RWTH-Aachen.DE>,
        questions@FreeBSD.ORG
Subject: Re: using tcpdump effectively
References: <199806151447.QAA29137@gilberto.physik.RWTH-Aachen.DE> <Pine.BSF.3.96.980615202443.10124B-100000@scifair.acadiau.ca>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.81e
In-Reply-To: <Pine.BSF.3.96.980615202443.10124B-100000@scifair.acadiau.ca>; from Michael Richards on Mon, Jun 15, 1998 at 08:29:01PM -0300
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Mon, Jun 15, 1998 at 08:29:01PM -0300, Michael Richards wrote:
> On Mon, 15 Jun 1998, Christoph Kukulies wrote:
> 
> > What sporadically happens is that a X session to our Mentor Design Architect
> > running on HP  is ceased and the connection breaks (we login via rlogin
> > and start the X client with DISPLAY set to the FreeBSD machine.)
> Es mag dich nicht!
> 
> > When the connection breaks we see something like 'no route to host' 
> This looks like it could be a routing problem. The X protocol has a number
> of well known security problems. Personally I would suggest that you use
> secure shell to forward the X11 connections. I believe you can download
> the unix verion from www.datafellows.com.

I should mention that this route lost problem occurs even in the LAN
on the same ethernet (!). Looks to me like the infamous sniper bug
that NT 3.1 once introduced. (Snipers are 'Heckenschuetzen', in the
Bosnia War or Partisans during WWII, who fire from behind a wall
or from some hidden place). NT was sending some sort of ICMP
packets which caused something like host unreachable situations.
(roughly speaking).

> 
> > Could that be caused by denial of service attacks? What exactly is a denial
> > of service attack? 
> Rather than try to break into a system, the person simply tries to break
> the system so as to be a pain in the butt to the "real" users.
> 
> -Mike

-- 
Chris Christoph P. U. Kukulies kuku@gil.physik.rwth-aachen.de

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message