From owner-freebsd-security@FreeBSD.ORG Mon Sep 20 06:27:26 2004 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 8AF5916A4CF for ; Mon, 20 Sep 2004 06:27:26 +0000 (GMT) Received: from smtpclu-2.eunet.yu (smtpclu-2.eunet.yu [194.247.192.227]) by mx1.FreeBSD.org (Postfix) with ESMTP id 32E1C43D1D for ; Mon, 20 Sep 2004 06:27:25 +0000 (GMT) (envelope-from kolicz@EUnet.yu) Received: from kolic.net (P-2.17.eunet.yu [213.240.2.17]) by smtpclu-2.eunet.yu (8.12.11/8.12.11) with ESMTP id i8K6RLAM001988 for ; Mon, 20 Sep 2004 08:27:21 +0200 Received: by kolic.net (Postfix, from userid 1001) id 10A8041AE; Mon, 20 Sep 2004 08:08:48 +0200 (CEST) Date: Mon, 20 Sep 2004 08:08:48 +0200 From: Zoran Kolic To: freebsd-security@freebsd.org Message-ID: <20040920060848.GA678@kolic.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline X-Virus-Scan: EUnet-AVAS-Milter X-AVAS-Virus-Status: clean X-Spam-Checker: EUnet-AVAS-Milter X-AVAS-Spam-Score: -2.3 Subject: Re: Attacks on ssh port X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 20 Sep 2004 06:27:26 -0000 Dear all! There is possibility that someone makes fake tide of IP addresses, just to hide his own. If the list is long enough, that IP could be even not logged. If the packets are "syn", IPs you answer don't exist, you have syn flood and death of the server. However, only total idiot would make such kind of attack. Everybody knows he is trying some- thing. Suspect "script kid". Little joke with your server and you have a lot of job to do. Just be aware not to open new gate for another kind of attack. Human is the wickiest part of chain. Best regards ZK