Date:      Tue, 21 Apr 1998 12:32:02 +0000
From:      Niall Smart <rotel@indigo.ie>
To:        "Alexander B. Povolotsky" <mt@folco.lms.ru>, freebsd-security@FreeBSD.ORG
Subject:   Re: New DoS attack?
Message-ID:  <199804211132.MAA00823@indigo.ie>
In-Reply-To: "Alexander B. Povolotsky" <mt@folco.lms.ru> "New DoS attack?" (Apr 21,  9:33am)

On Apr 21,  9:33am, "Alexander B. Povolotsky" wrote:
} Subject: New DoS attack?
> Strangely, I've posted this message TWICE, but still don't see it... 

This is the first time I've seen it.  Is the other address subscribed
to security@freebsd.org or freebsd-security@freebsd.org?

> During the last months, I've experienced several STRANGE hangs. TCP stack worked
> OK, while nothing else did. I thought of poor hardware, unstable snap,
> everything else.
> 
> Several days ago, I've heard _rumor_ of DoS attack on BSD stack, based on TCP 
> packet sent to or maybe from port 0. I've installed ipfw rule:
> 
> drop log tcp from any 0 to any
> 
> and today I've found two packets destined from 200.255.209.92 port 0 dropped. 
> They were destined to port 143 (imap), while I'm 101% sure that no one from 
> mi-rj52.montreal.com.br has any mail account on my box.

Could you (anyone?) dump all packets coming from/going to port 0 using tcpdump
and send me any logs?  I'm not sure if this means you'll have to turn off the
ipfw rule, I don't know at what stage the packets get filtered.

Niall

-- 
Niall Smart.        PGP: finger njs3@motmot.doc.ic.ac.uk
FreeBSD: Turning PC's into Workstations: www.freebsd.org
Annoy your enemies and astonish your friends:
echo "#define if(x) if (!(x))" >> /usr/include/stdio.h
