From owner-freebsd-security  Mon Apr 20 23:38:47 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id XAA08404
          for freebsd-security-outgoing; Mon, 20 Apr 1998 23:38:47 -0700 (PDT)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from ns2.inch.com (ns2.inch.com [207.240.140.102])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id GAA08398
          for <freebsd-security@FreeBSD.ORG>; Tue, 21 Apr 1998 06:38:44 GMT
          (envelope-from spork@super-g.com)
Received: from super-g.inch.com (super-g.com [207.240.140.161])
	by ns2.inch.com (8.8.8/8.8.5) with ESMTP id CAA00673
	for <freebsd-security@FreeBSD.ORG>; Tue, 21 Apr 1998 02:30:17 -0400 (EDT)
Received: from localhost (localhost [127.0.0.1])
	by super-g.inch.com (8.8.8/8.8.5) with SMTP id CAA23867;
	Tue, 21 Apr 1998 02:27:42 -0400 (EDT)
Date: Tue, 21 Apr 1998 02:27:42 -0400 (EDT)
From: spork <spork@super-g.com>
X-Sender: spork@super-g.inch.com
To: "Alexander B. Povolotsky" <mt@folco.lms.ru>
cc: freebsd-security@FreeBSD.ORG
Subject: Re: New DoS attack?
In-Reply-To: <199804210533.JAA02644@lms.ru>
Message-ID: <Pine.BSF.3.96.980421022617.21528A-100000@super-g.inch.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk

Interesting, I'm logging alot of imap requests as well, but none from
strange ports...  Perhaps it's just someone looking for the old imap bug?


Charles Sprickman
spork@super-g.com
---- 
                           "I'm not a prophet or a stone-age man
                           Just a mortal with potential of a superman
                           I'm living on"      -DB

On Tue, 21 Apr 1998, Alexander B. Povolotsky wrote:

> Strangely, I've posted this message TWICE, but still don't see it... 
> 
> I'm reposting it from different address.
> 
> During last months, I've experienced several STRANGE hangs. TCP stack worked 
> OK, while nothing else did. I thought of poor hardware, instable snap, 
> everything else.
> 
> Several days ago, I've heard _rumor_ of DoS attack on BSD stack, based on TCP 
> packet sent to or maybe from port 0. I've installed ipfw rule:
> 
> drop log tcp from any 0 to any
> 
> and today I've found two packets destined from 200.255.209.92 port 0 dropped. 
> They were destined to port 143 (imap), while I'm 101% sure that no one from 
> mi-rj52.montreal.com.br have any mail account on my box.
> 
> This information IS sparse, I understand... I'll have to gain more information 
> on this, but maybe someone has experienced same troubles?
> 
> Alex.
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe security" in the body of the message
> 


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message