Date: Thu, 22 Mar 2001 11:19:09 -0600 (CST)
From: Chris Byrnes
To: ostap
Subject: Re: DoS attack - advice needed
In-Reply-To: <3ABA1B4A.9301775D@ukrpost.net>

> Thank you for your help,
> unfortunately i can't analyze it that deep,
> 'cos it was a one-time attack. i came there late in the
> evening, saw the problem, rebooted and everything was fine.
> so, no traffic snapshots unfortunately.
> looks like the guy issued one command, and the box went mad.
> i guess this wasn't that sophisticated,
> logs show traces of a usual portscanning software,
> it was run twice or so, and then the whole thing started.
> it seems like the guy wasn't very experienced and was just
> playing around with some soft, exploiting some general hack,
> and then went home.
> i know that 3.3release is quite old, and should be upgraded of course,
> but i never thought it could be broken in such an easy way, without
> efforts,
> just using some standard tool.
> any ideas?

I run a few servers that are very high profile, and very susceptible to
DoS attacks, both on the local LAN and on the Internet. I'd definitely
upgrade to 4.2-STABLE (well, it's 4.3-BETA atm).

And, while we're on the subject, who needs ICMP? I haven't found a valid
use for it.

+ Chris Byrnes, chris@JEAH.net
+ JEAH Communications
+ 1-866-AWW-JEAH (Toll-Free)