From owner-freebsd-security  Thu Nov  2 16:36:21 2000
Delivered-To: freebsd-security@freebsd.org
Received: from silby.com (cb34181-c.mdsn1.wi.home.com [24.183.3.139])
	by hub.freebsd.org (Postfix) with ESMTP id 0716F37B4E5
	for <security@FreeBSD.ORG>; Thu,  2 Nov 2000 16:36:19 -0800 (PST)
Received: (qmail 32654 invoked by uid 1000); 3 Nov 2000 00:36:11 -0000
Received: from localhost (sendmail-bs@127.0.0.1)
  by localhost with SMTP; 3 Nov 2000 00:36:11 -0000
Date: Thu, 2 Nov 2000 18:36:11 -0600 (CST)
From: Mike Silbersack <silby@silby.com>
To: Buliwyf McGraw <buliwyf@libertad.univalle.edu.co>
Cc: security@FreeBSD.ORG
Subject: Re: DOS attack II
In-Reply-To: <Pine.BSF.4.21.0011021753550.20146-100000@libertad.univalle.edu.co>
Message-ID: <Pine.BSF.4.21.0011021834350.32075-100000@achilles.silby.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org


On Thu, 2 Nov 2000, Buliwyf McGraw wrote:

> > What is the source of the squid connections? 
> 
>   All my intranet (only) do the requests. Internet give us the answers.
> 
>   The next time, when the problems come back, i gonna use tcpdump to check
>   what is coming to the interface... i will use ttt to see what is the
>   protocol with more load in the segment... and then i expect get
>   something about the problem.
> 
>   Thanks for Any coment...

Hm.  How is the access controlled?  Is it possible that squid is still
listening on the external IP, and only dropping the connections after they
are established?

Mike "Silby" Silbersack



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message