Date: Sat, 8 Jul 2000 21:04:23 -0400 (EDT)
From: Matt Heckaman
To: J & C Frazier
Cc: freebsd-isp@freebsd.org
Subject: Re: Namedb attacks
In-Reply-To: <3967C586.DAEF4D37@csocs.com>

On Sat, 8 Jul 2000, J & C Frazier wrote:
...
: B class block. I've added the following to ipfw:
: 12345 0 0 unreach host tcp from 211.72.0.0 to any
: 12346 0 0 unreach host udp from 211.72.0.0 to any
:
: And as you can see it hasn't caught anything or blocked anything. I
: had initially assumed it was a DoS on bind, as every 20 minutes or so
: it will cause bind to reload its zones. Bind is running in a sandbox
: also.

Use: ipfw add unreach host tcp from 211.72.0.0/16 to any

It should fix your problem.

: Then to make matters worse, a few strange things happened last night.
: My cgi shopping cart lost all its datafiles, along with a few other
: strange happenings.
...
: Jul 7 21:21:58 shell /kernel: pid 27004 (doscmd), uid 1013: exited on
: signal 10 (core dumped)

doscmd got unhappy and core dumped. Probably nothing to worry about.

: Jul 8 04:52:37 shell ftpd[35348]: getpeername (./ftpd): Socket
: operation on non-socket

Weird. Could be an attempt at the new ftpd exploit, hope you're patched.
: Jul 8 11:31:03 shell inetd[37173]: warning: can't get client address:
: Connection reset by peer

No big deal to worry about usually. Just a connection reset by peer.

: Any insight or help would be greatly appreciated. I'm running
: 3.4-STABLE on an ASUS board with dual PII 450's and 512mb RAM.
: Cvsupped and built last on Sun May 14 14:05:57 MDT 2000.
:
: J.C. Frazier

* Matt Heckaman   - mailto:matt@lucida.qc.ca  http://www.lucida.qc.ca/ *
* GPG fingerprint - A9BC F3A8 278E 22F2 9BDA BFCF 74C3 2D31 C035 5390 *
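
Added example, not part of the original message: a small Python model of why the quoted rules show "0 0" counters. In ipfw a source address written without a mask matches that single host only, so "from 211.72.0.0" never matches traffic from other hosts in the block, while "211.72.0.0/16" does. The rule parser covers only the subset of syntax shown in the thread, and the packet list is constructed sample data.

```python
import ipaddress

def src_network(spec):
    """ipfw-style source spec -> network. A bare address is one host (/32)."""
    if spec == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if ":" in spec:                       # addr:netmask form
        spec = spec.replace(":", "/", 1)
    return ipaddress.ip_network(spec, strict=False)

def parse_rule(text):
    """Parse '<num> <action...> <proto> from <src> to any' (subset only)."""
    tok = text.split()
    i = tok.index("from")
    return {"num": int(tok[0]), "action": " ".join(tok[1:i - 1]),
            "proto": tok[i - 1], "src": src_network(tok[i + 1])}

def hit_counts(rule_lines, packets):
    """First-match evaluation; returns {rule number: packets matched}."""
    rules = sorted((parse_rule(r) for r in rule_lines), key=lambda r: r["num"])
    hits = {r["num"]: 0 for r in rules}
    for proto, src in packets:
        ip = ipaddress.ip_address(src)
        for r in rules:
            if r["proto"] in (proto, "ip", "all") and ip in r["src"]:
                hits[r["num"]] += 1
                break                     # unreach is a terminating action
    return hits

# Rules as quoted in the thread (counters dropped), then with the /16 mask.
ORIGINAL = ["12345 unreach host tcp from 211.72.0.0 to any",
            "12346 unreach host udp from 211.72.0.0 to any"]
FIXED = ["12345 unreach host tcp from 211.72.0.0/16 to any",
         "12346 unreach host udp from 211.72.0.0/16 to any"]

# Constructed (protocol, source address) samples, not taken from the thread.
PACKETS = [("udp", "211.72.14.9"), ("udp", "211.72.200.31"),
           ("tcp", "211.72.3.77"), ("udp", "198.51.100.7")]

if __name__ == "__main__":
    print("without mask:", hit_counts(ORIGINAL, PACKETS))
    print("with /16:    ", hit_counts(FIXED, PACKETS))
```

The command in the reply is the tcp rule; the udp rule from the quoted list needs the same /16 to match UDP traffic from that block.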