From: "Alexander B. Povolotsky"
Sender: owner-freebsd-security@FreeBSD.ORG
To: freebsd-security@FreeBSD.ORG
Subject: New DoS attack?
Date: Tue, 21 Apr 1998 09:33:37 +0400
Message-Id: <199804210533.JAA02644@lms.ru>

Strangely, I've posted this message TWICE, but still don't see it... I'm reposting it from a different address.

During the last months, I've experienced several STRANGE hangs. The TCP stack worked OK, while nothing else did. I thought of poor hardware, unstable snap, everything else.

Several days ago, I heard a _rumor_ of a DoS attack on the BSD stack, based on a TCP packet sent to or maybe from port 0.

I've installed an ipfw rule:

    drop log tcp from any 0 to any

and today I found two packets from 200.255.209.92 port 0 dropped. They were destined to port 143 (imap), while I'm 101% sure that no one from mi-rj52.montreal.com.br has any mail account on my box.

This information IS sparse, I understand... I'll have to gain more information on this, but maybe someone has experienced the same troubles?

Alex.
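
Added example, not part of the original post: a Python check that applies the same test as the ipfw rule above (TCP with source port 0) to raw IPv4 packets, extended to destination port 0 because the rumor mentions both directions. The function names and the sample packets (documentation addresses, zero checksums) are constructed for illustration.

```python
import socket
import struct

def port_zero_tcp(packet: bytes):
    """Return (src, sport, dst, dport) when an IPv4 TCP packet has source or
    destination port 0; return None for anything else or unparseable input."""
    if len(packet) < 20:
        return None
    ver_ihl, _tos, _len, _id, frag, _ttl, proto, _csum, src, dst = \
        struct.unpack("!BBHHHBBH4s4s", packet[:20])
    ihl = (ver_ihl & 0x0F) * 4          # IP options shift where the TCP header starts
    if ver_ihl >> 4 != 4 or ihl < 20 or proto != socket.IPPROTO_TCP:
        return None
    if frag & 0x1FFF:                   # non-first fragment: no TCP header, no ports
        return None
    if len(packet) < ihl + 4:           # truncated before the port fields
        return None
    sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
    if sport == 0 or dport == 0:
        return (socket.inet_ntoa(src), sport, socket.inet_ntoa(dst), dport)
    return None

def build_packet(src, dst, sport, dport, frag_off=0, ip_options=b""):
    """Construct a minimal IPv4+TCP SYN (checksums left zero) as sample input."""
    ihl = 5 + len(ip_options) // 4
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x02, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, ihl * 4 + len(tcp), 0,
                     frag_off, 64, socket.IPPROTO_TCP, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return ip + ip_options + tcp

def scan(packets):
    """Return the port-0 hits found in an iterable of raw packets."""
    return [hit for p in packets if (hit := port_zero_tcp(p))]

# Constructed sample traffic; addresses are from the documentation ranges.
SRC, DST = "198.51.100.92", "192.0.2.10"
SAMPLES = [
    build_packet(SRC, DST, 0, 143),                         # the case in the post
    build_packet(SRC, DST, 1025, 143),                      # ordinary IMAP client
    build_packet(SRC, DST, 0, 143, ip_options=b"\x01" * 4), # same, behind IP options
    build_packet(SRC, DST, 0, 143, frag_off=185),           # later fragment: payload only
]

if __name__ == "__main__":
    for src, sport, dst, dport in scan(SAMPLES):
        print(f"TCP port 0: {src}:{sport} -> {dst}:{dport}")
```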