From owner-freebsd-hackers Tue May 7 10:54:54 2002
Delivered-To: freebsd-hackers@freebsd.org
Received: from utility.clubscholarship.com (utility.clubscholarship.com [198.78.70.175])
        by hub.freebsd.org (Postfix) with ESMTP id 9899F37B405;
        Tue, 7 May 2002 10:54:44 -0700 (PDT)
Received: from localhost (root@localhost)
        by utility.clubscholarship.com (8.11.6/8.11.6) with ESMTP id g47Hpb190318;
        Tue, 7 May 2002 10:51:37 -0700 (PDT)
        (envelope-from root@utility.clubscholarship.com)
Date: Tue, 7 May 2002 10:51:37 -0700 (PDT)
From: Patrick Thomas
Subject: syncookies exploit behavior
Message-ID: <20020507104534.T63159-100000@utility.clubscholarship.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Two questions regarding the syncookies issue -

1. What kind of crash is it? I have an issue where my machine has no response at the console, and none of the services work (pop, imap, etc.) HOWEVER you can still ping it, and you can still initiate connections to services - they just don't talk or respond at all - and cron jobs no longer run. Someone suggested that it looks like my userland is frozen, but my kernel is still running. Is that the kind of crash you get when you encounter the syncookies problem?

2. Is there any way to scour tcpdump on the _affected_ machine to see if syncookies was indeed your problem? This is sort of two questions - first, will the machine be crashed so fast it won't have time to write tcpdump output to a file for the packet that caused the crash? And second, if it is possible, what would that tcpdump output look like? I suspect you can't scour tcpdump for it, since this problem can be caused by legitimate traffic.

comments appreciated,

PT