From owner-freebsd-questions Thu Jan 15 19:36:51 1998
Return-Path:
Received: (from majordom@localhost)
    by hub.freebsd.org (8.8.8/8.8.8) id TAA18176
    for questions-outgoing; Thu, 15 Jan 1998 19:36:51 -0800 (PST)
    (envelope-from owner-freebsd-questions@FreeBSD.ORG)
Received: from www.delanet.com (smtp@www.delanet.com [208.9.136.82])
    by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id TAA18158
    for ; Thu, 15 Jan 1998 19:36:38 -0800 (PST)
    (envelope-from rugose@delanet.com)
Received: from rugose ([208.9.136.17])
    by www.delanet.com (8.8.4/8.8.5) with ESMTP id WAA18362
    for ; Thu, 15 Jan 1998 22:36:53 -0500 (EST)
Message-Id: <199801160336.WAA18362@www.delanet.com>
From: "Stephen Comoletti"
To:
Subject: DoS
Date: Sun, 16 Nov 1997 10:35:03 -0500
X-MSMail-Priority: Normal
X-Priority: 3
X-Mailer: Microsoft Internet Mail 4.70.1155
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk

I have a situation I need a little advice on. I'm not sure if it belongs
here; however, it does affect users of FreeBSD as well, from what little I
do know.

OK, here is the setup. ISP with 2 Cisco routers, both communicate with
each other on a regular basis. They use RADIUS for authentication. The ISP
is under attack by a modified smurf. It has all the symptoms of a smurf, but
it's coming in via UDP and not ICMP. To complicate it, the attacker is
spoofing the IP of each router and hitting them at the same time, changing
the port each time the ISP kills input from one.

Is there any way to defend/track down/stop an attack of this type?

Steve