Date: 13 Jun 1999 19:33:21 +0200 From: Dag-Erling Smorgrav <des@flood.ping.uio.no> To: Jay Nelson <jdn@acp.qiv.com> Cc: security@FreeBSD.ORG Subject: Re: Connection attempts to port 7 Message-ID: <xzpzp24rony.fsf@flood.ping.uio.no> In-Reply-To: Jay Nelson's message of "Sun, 13 Jun 1999 12:25:47 -0500 (CDT)" References: <Pine.BSF.4.05.9906131218430.678-100000@acp.qiv.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Jay Nelson <jdn@acp.qiv.com> writes: > Recently, I've been getting _many_ attempts to connect to the echo > service (which I have disabled) -- mostly non-resolvable addresses > that disappear somewhere behind doubleclick.net. If the source address is spoofed, it's not a connection attempt, but a syn flood. Set up a firewall to drop connection attempts to all ports except those you want to keep open. This won't help if the attacker finds out and switches to a port you want to keep open; if that happens, install the SYN rate limiting patch which was posted here a while ago (search the BUGTRAQ archives on www.geek-girl.com). > Does anyone know of a legitimate reason why they would do this? No. DES -- Dag-Erling Smorgrav - des@flood.ping.uio.no To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?xzpzp24rony.fsf>