Date:      Wed, 23 May 2001 15:24:55 -0700 (PDT)
From:      mudman <mudman@R181204.resnet.ucsb.edu>
To:        <freebsd-security@freebsd.org>
Subject:   service attacks
Message-ID:  <Pine.BSF.4.30.0105231507370.73655-100000@R181204.resnet.ucsb.edu>

I'm somewhat of a greenhorn on how packets are handled in FreeBSD.
Apparently, some character has been throwing some bad packets at me.
Kernel message like:

arp: bad hardware address format (0x800)


Then like 3 hours later (probably after a very slow, stealthy port scan),
two of my services on high ports segfault.

If someone sends a packet to port XXXX, does it get dropped or filtered by
the kernel if it is bad, or is the information processing up to the
service on port XXXX?

Actually, a few of those services really don't need to be accessed by the
outside world.  I'm thinking of setting up IPFW.

Anyway, what should I make of this?


Oh yeah, one more thing.  tcpdump has bogus IP addresses (Japan, France,
Korea, etc.).  Err, not to assert these places are bogus, but with the
way they vary I think it is the same person falsifying packets w/
different sources.

This individual has been bothering me since January actually (with this
stuff as well as DoS/packet spam).  I would like to get him sent to
prison.  Any suggestions how I go about finding out who he is and how to
put him out?


