From owner-freebsd-security  Tue Apr 21 21:20:03 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id VAA07637
          for freebsd-security-outgoing; Tue, 21 Apr 1998 21:20:03 -0700 (PDT)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from asteroid.svib.ru (root@asteroid.svib.ru [195.151.166.145])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id EAA07554
          for <freebsd-security@FreeBSD.ORG>; Wed, 22 Apr 1998 04:19:55 GMT
          (envelope-from tarkhil@asteroid.svib.ru)
Received: from minas-tirith.pol.ru (shuttle.svib.ru [195.151.166.144])
	by asteroid.svib.ru (8.8.8/8.8.8) with ESMTP id IAA15466;
	Wed, 22 Apr 1998 08:19:47 +0400 (MSD)
	(envelope-from tarkhil@asteroid.svib.ru)
Received: from minas-tirith.pol.ru (minas-tirith.pol.ru [127.0.0.1])
	by minas-tirith.pol.ru (8.8.8/8.8.7) with ESMTP id IAA07040;
	Wed, 22 Apr 1998 08:19:51 +0400 (MSD)
	(envelope-from tarkhil@minas-tirith.pol.ru)
Message-Id: <199804220419.IAA07040@minas-tirith.pol.ru>
X-Mailer: exmh version 2.0.1 12/23/97
To: rotel@indigo.ie
cc: "Alexander B. Povolotsky" <mt@folco.lms.ru>, freebsd-security@FreeBSD.ORG
Subject: Re: New DoS attack? 
In-reply-to: Your message "Tue, 21 Apr 1998 12:32:02 -0000."
             <199804211132.MAA00823@indigo.ie> 
Reply-To: tarkhil@asteroid.svib.ru
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Wed, 22 Apr 1998 08:19:49 +0400
From: Alex Povolotsky <tarkhil@asteroid.svib.ru>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk

 <199804211132.MAA00823@indigo.ie>Niall Smart writes:
>On Apr 21,  9:33am, "Alexander B. Povolotsky" wrote:
>} Subject: New DoS attack?
>> Strangely, I've posted this message TWICE, but still don't see it... 
>
>This is the first time I've seen it.  Is the other address subscribed
>to security@freebsd.org or freebsd-security@freebsd.org?
I was sending it from address, SUBSCRIBED to freebsd-security, and it seemed 
that hub.freebsd.org received it.

Now, I've resend it from my reserve login, which is not subscribed to any 
mailing list.

I'm getting paranoid about ir...

>Could you (anyone?) dump all packets coming from/going to port 0 using tcpdump
>and send me any logs?  I'm not sure if this means you'll have to turn off the
>ipfw rule, I don't know at what stage the packets get filtered.

I'm not receiving such packets anymore...

Alex.



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message