From: Archie Cobbs
Message-Id: <199804220147.SAA04232@bubba.whistle.com>
Subject: Re: New DoS attack?
In-Reply-To: <199804211132.MAA00823@indigo.ie> from Niall Smart at "Apr 21, 98 12:32:02 pm"
To: rotel@indigo.ie
Date: Tue, 21 Apr 1998 18:47:25 -0700 (PDT)
Cc: mt@folco.lms.ru, freebsd-security@FreeBSD.ORG

Niall Smart writes:
> Could you (anyone?) dump all packets coming from/going to port 0 using tcpdump
> and send me any logs? I'm not sure if this means you'll have to turn off the
> ipfw rule, I don't know at what stage the packets get filtered.

FYI- tcpdump and ipfw work completely independently of each other,
so even if a packet is dropped you will see it first via tcpdump.

-Archie

___________________________________________________________________________
Archie Cobbs * Whistle Communications, Inc. * http://www.whistle.com