From owner-freebsd-security Mon Sep 16 21:14:16 1996
Return-Path: owner-security
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id VAA06061 for security-outgoing; Mon, 16 Sep 1996 21:14:16 -0700 (PDT)
Received: from agora.rdrop.com (root@agora.rdrop.com [199.2.210.241]) by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id VAA06015 for ; Mon, 16 Sep 1996 21:12:50 -0700 (PDT)
Received: from rover.village.org by agora.rdrop.com with smtp (Smail3.1.29.1 #17) id m0v2rWe-0008udC; Mon, 16 Sep 96 21:12 PDT
Received: from rover.village.org (localhost [127.0.0.1]) by rover.village.org (8.7.5/8.6.6) with ESMTP id WAA06626; Mon, 16 Sep 1996 22:06:06 -0600 (MDT)
Message-Id: <199609170406.WAA06626@rover.village.org>
To: Mikael Karpberg
Subject: Re: Panix Attack: synflooding and source routing?
Cc: freebsd-security@FreeBSD.org
In-reply-to: Your message of Sat, 07 Sep 1996 19:28:34 +0200
Date: Mon, 16 Sep 1996 22:06:06 -0600
From: Warner Losh
Sender: owner-security@FreeBSD.org
X-Loop: FreeBSD.org
Precedence: bulk

: Now, I'm far from an expert in this matter, but as far as I know a SYN-flood

I realize this is a little late...

There is a bug in AIX kernels (3.2.5ish ones at least) that older versions of TIA tripped where it would cause a flood of SYN packets. We found out about this when we got a security emergency response message forwarded to us. Maybe something like this is going on. The problem had to do with non-blocking sockets, connection attempts that were non-blocking and strange errnos that were returned. Maybe something like netscape or some other program is causing this (or maybe an old version of TIA even)?

Then again, they said that the source address packets were random, which isn't the pattern for the bug I'm reporting...

Warner