From owner-freebsd-security Wed Nov 4 05:11:53 1998
Return-Path:
Received: (from majordom@localhost)
    by hub.freebsd.org (8.8.8/8.8.8) id FAA19522
    for freebsd-security-outgoing; Wed, 4 Nov 1998 05:11:53 -0800 (PST)
    (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from aniwa.sky (p8-max3.wlg.ihug.co.nz [209.79.142.72])
    by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id FAA19516
    for ; Wed, 4 Nov 1998 05:11:48 -0800 (PST)
    (envelope-from andrew@squiz.co.nz)
Received: from localhost (andrew@localhost)
    by aniwa.sky (8.8.8/8.8.7) with SMTP id CAA08282;
    Thu, 5 Nov 1998 02:11:07 +1300 (NZDT)
    (envelope-from andrew@squiz.co.nz)
Date: Thu, 5 Nov 1998 02:11:06 +1300 (NZDT)
From: Andrew McNaughton
X-Sender: andrew@aniwa.sky
Reply-To: andrew@squiz.co.nz
To: Alla Bezroutchko
cc: security@FreeBSD.ORG
Subject: Re: Is it an attack? Strange things logged by ipfw - more on that
In-Reply-To: <3640275A.C3D01E5C@sovlink.ru>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Wed, 4 Nov 1998, Alla Bezroutchko wrote:

> > Nothing will help brain-damaged windoze machines. :)
>
> Checked. Some of source IPs belong to 'doze machines, some don't.
> Brain damaged unix? ;)

Have you talked to the owners of any of the machines? Are they related in
any way?

I had a whole lot of seemingly unrelated packets a while back that turned
out to be due to a faulty router at a major ISP in the UK. It seems that
the router was splitting the tcp headers from their bodies, and under heavy
load was putting some of them back together wrong so that I got packets
from unrelated sessions.

The ISP serviced many domains so it took me a while to realize that it was
coming from the one place. Traceroute is helpful for that.

Andrew

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message