From owner-freebsd-isp  Sat Feb 28 12:02:23 1998
Return-Path: <owner-freebsd-isp@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id MAA13868
          for freebsd-isp-outgoing; Sat, 28 Feb 1998 12:02:23 -0800 (PST)
          (envelope-from owner-freebsd-isp@FreeBSD.ORG)
Received: from cam.grad.kiev.ua (grad-UTC-28k8.ukrtel.net [195.5.25.54])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id MAA13810
          for <freebsd-isp@freebsd.org>; Sat, 28 Feb 1998 12:02:16 -0800 (PST)
          (envelope-from Ruslan@Shevchenko.kiev.ua)
Received: from Shevchenko.kiev.ua (localhost [127.0.0.1])
	by cam.grad.kiev.ua (8.8.8/8.8.5) with ESMTP id WAA07612
	for <freebsd-isp@freebsd.org>; Sat, 28 Feb 1998 22:01:15 +0200 (EET)
Message-ID: <34F86D07.6787461F@Shevchenko.kiev.ua>
Date: Sat, 28 Feb 1998 22:01:12 +0200
From: Ruslan Shevchenko <Ruslan@Shevchenko.kiev.ua>
Reply-To: rssh@grad.kiev.ua
X-Mailer: Mozilla 4.04 [en] (X11; I; FreeBSD 2.2.5-STABLE i386)
MIME-Version: 1.0
To: freebsd-isp@FreeBSD.ORG
Subject: DOS attack problem
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

I was effective attacked by  Deny Of Servise attack.

I have  28.8 ppp permanent link on provider,  run user-level ppp from
98.01 wih -alias.
During attack, I was have many incoming trafic in modem, but, after I
shutdown
named, sendmail, http ..
tcpdump -i tun0 show me nothing.
 (With big traffic in modem).

My provider (Ukrtelecom) now have problems with reorganization, and all
routes there work
in automatic mode, people are absent.
After rebooting Ukrtelecom CISCO by sending large broadcast echo,  all
work fine, but at next
random amount of time I have the same situation.

I run
2.2.5-STABLE FreeBSD 2.2.5-STABLE #0: Thu Dec 25 07:30:52 GMT 1997

So, anybody known: is this known attack ?, if yes: is this problem is
fixed in -stable now ?,
if no: how I can to debug  situation.
(by monitoring tools or inserting printfs in libpcap source code )

Thanks for help and sorry for poor english.


--

    @=
     //RSSH                              mailto:Ruslan@Shevchenko.Kiev.UA




To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message