Date: Thu, 22 Mar 2001 11:19:09 -0600 (CST)
From: Chris Byrnes <chris@jeah.net>
To: ostap <ostap@ukrpost.net>
Cc: <freebsd-security@FreeBSD.ORG>
Subject: Re: DoS attack - advice needed
Message-ID: <Pine.BSF.4.33.0103221116450.8421-100000@awww.jeah.net>
In-Reply-To: <3ABA1B4A.9301775D@ukrpost.net>

> Thank you for your help,
> unfortunately i can't analyze it that deep,
> 'cos it was a one-time attack. i came there late in the
> evening, saw the problem, rebooted and everything was fine.
> so, no traffic snapshots unfortunately.
> looks like the guy issued one command, and the box went mad.
> i guess this wasn't that sophisticated,
> logs show traces of a usual portscanning software,
> it was run twice or so, and then the whole thing started.
> it seems like the guy wasn't very experienced and was just
> playing around with some soft, exploiting some general hack,
> and then went home.
> i know that 3.3release is quite old, and should be upgraded of course,
> but i never thought it could be broken in such an easy way, without
> efforts,
> just using some standard tool.
> any ideas?

I run a few servers that are very high profile, and very susceptible to
DoS attacks, both on the local LAN and on the Internet.

I'd definitely upgrade to 4.2-STABLE (well, it's 4.3-BETA atm).

And, while we're on the subject, who needs ICMP? I haven't found a valid
use for it.

+ Chris Byrnes, chris@JEAH.net
+ JEAH Communications
+ 1-866-AWW-JEAH (Toll-Free)