Date: Tue, 21 Apr 1998 02:27:42 -0400 (EDT) From: spork <spork@super-g.com> To: "Alexander B. Povolotsky" <mt@folco.lms.ru> Cc: freebsd-security@FreeBSD.ORG Subject: Re: New DoS attack? Message-ID: <Pine.BSF.3.96.980421022617.21528A-100000@super-g.inch.com> In-Reply-To: <199804210533.JAA02644@lms.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
Interesting, I'm logging alot of imap requests as well, but none from
strange ports... Perhaps it's just someone looking for the old imap bug?
Charles Sprickman
spork@super-g.com
----
"I'm not a prophet or a stone-age man
Just a mortal with potential of a superman
I'm living on" -DB
On Tue, 21 Apr 1998, Alexander B. Povolotsky wrote:
> Strangely, I've posted this message TWICE, but still don't see it...
>
> I'm reposting it from different address.
>
> During last months, I've experienced several STRANGE hangs. TCP stack worked
> OK, while nothing else did. I thought of poor hardware, instable snap,
> everything else.
>
> Several days ago, I've heard _rumor_ of DoS attack on BSD stack, based on TCP
> packet sent to or maybe from port 0. I've installed ipfw rule:
>
> drop log tcp from any 0 to any
>
> and today I've found two packets destined from 200.255.209.92 port 0 dropped.
> They were destined to port 143 (imap), while I'm 101% sure that no one from
> mi-rj52.montreal.com.br have any mail account on my box.
>
> This information IS sparse, I understand... I'll have to gain more information
> on this, but maybe someone has experienced same troubles?
>
> Alex.
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe security" in the body of the message
>
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.96.980421022617.21528A-100000>