Date: Sat, 2 May 1998 16:41:35 +1200 From: andrew@squiz.co.nz (Andrew McNaughton) To: isp@FreeBSD.ORG Subject: Re: Named disappeared Message-ID: <v02120d03b170546b7a2d@[203.96.56.186]>
next in thread | raw e-mail | index | archive | help
>On May 2, 12:12pm, Andrew McNaughton wrote: >} Subject: Re: Named disappeared > >} So has anyone looked to see where the last packets to the named port came >} from? Correlations there would tend to confirm the hacker theory. > >There's no reason the culprit couldn't be using a forged IP source address >since he's not counting on getting a reply. Of course, so a negative result proves nothing. However if a hacker didn't forge a different address for every attack, evidence would be left that separate machines had been affected by the same user agent, which would be significant. It seems to me worth looking at the packet logs where they exist. Andrew McNaughton ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Andrew McNaughton = ++64 4 389 6891 Any sufficiently advanced = andrew@squiz.co.nz bug is indistinguishable = http://www.squiz.co.nz from a feature. = http://www.newsroom.co.nz -- Rich Kulawiec = To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?v02120d03b170546b7a2d>