From owner-freebsd-security Tue Apr 21 01:13:04 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id BAA20841 for freebsd-security-outgoing; Tue, 21 Apr 1998 01:13:04 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from axis1.axis.de ([194.163.241.1]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id IAA20828 for ; Tue, 21 Apr 1998 08:12:59 GMT (envelope-from sturm@axis.de) Received: from viruswall.axis.de (vscanreal.axis.de [195.180.213.22]) by axis1.axis.de (8.8.8/8.8.8) with SMTP id KAA05175; Tue, 21 Apr 1998 10:12:56 +0200 (CEST) Received: from 194.163.241.15 by viruswall.axis.de (InterScan E-Mail VirusWall NT) Received: from hermes.axis.de (hermes.axis.de [194.163.241.7]) by syslog.axis.de (8.8.8/8.8.8) with SMTP id KAA22216; Tue, 21 Apr 1998 10:12:55 +0200 (CEST) Message-ID: <353C5507.10EC7523@axis.de> Received: from fireball.axis.de by hermes.axis.de via smtpd (for syslog.axis.de [194.163.241.15]) with SMTP; 21 Apr 1998 08:12:55 UT Date: Tue, 21 Apr 1998 10:12:55 +0200 From: Torsten Sturm Reply-To: sturm@axis.de Organization: AXIS information systems GmbH, Security Services Department X-Mailer: Mozilla 4.05 [en] (WinNT; I) MIME-Version: 1.0 To: "Alexander B. Povolotsky" CC: freebsd-security@FreeBSD.ORG Subject: Re: New DoS attack? References: <199804210533.JAA02644@lms.ru> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk Alexander B. Povolotsky wrote: > Several days ago, I've heard _rumor_ of DoS attack on BSD stack, based on TCP > packet sent to or maybe from port 0. I've installed ipfw rule: Last night, we also noticed many connection reqests for Port 143 originating from port 0, done in a scanning style... Maybe it is from this new impack103.tar.gz from rootshell.com... HTH Torsten Sturm To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message