From owner-freebsd-security  Sun Jun 13 12:48:34 1999
Delivered-To: freebsd-security@freebsd.org
Received: from tok.qiv.com (tok.qiv.com [205.238.142.68])
	by hub.freebsd.org (Postfix) with ESMTP id 3B0F414BE6
	for <security@FreeBSD.ORG>; Sun, 13 Jun 1999 12:48:29 -0700 (PDT)
	(envelope-from jdn@acp.qiv.com)
Received: (from uucp@localhost)
	by tok.qiv.com (MailHost/Current) with UUCP id OAA62022;
	Sun, 13 Jun 1999 14:48:26 -0500 (CDT)
Received: from localhost (jdn@localhost)
	by acp.qiv.com (8.9.3/8.9.2) with ESMTP id OAA00902;
	Sun, 13 Jun 1999 14:47:12 -0500 (CDT)
	(envelope-from jdn@acp.qiv.com)
Date: Sun, 13 Jun 1999 14:47:12 -0500 (CDT)
From: Jay Nelson <jdn@acp.qiv.com>
To: Dag-Erling Smorgrav <des@flood.ping.uio.no>
Cc: security@FreeBSD.ORG
Subject: Re: Connection attempts to port 7
In-Reply-To: <xzpzp24rony.fsf@flood.ping.uio.no>
Message-ID: <Pine.BSF.4.05.9906131425340.801-100000@acp.qiv.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On 13 Jun 1999, Dag-Erling Smorgrav wrote:

>If the source address is spoofed, it's not a connection attempt, but a
>syn flood. Set up a firewall to drop connection attempts to all ports

[snip]

It doesn't appear to be a syn flood. The machine is firewalled and
the refused connections, I don't think, reveal any more than
necessary about the platform. I think the answer from Ed Porter
probably explains what is happening, but glosses over the
ramifications of the information gathered.

I hate to be so suspicious, but this concerns me.

Thanks for the reply.

-- Jay



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message