From owner-freebsd-hackers  Tue Feb  8 11:49:43 2000
Delivered-To: freebsd-hackers@freebsd.org
Received: from zippy.cdrom.com (zippy.cdrom.com [204.216.27.228])
	by builder.freebsd.org (Postfix) with ESMTP id 776074136
	for <hackers@FreeBSD.ORG>; Tue,  8 Feb 2000 11:49:34 -0800 (PST)
Received: from zippy.cdrom.com (jkh@localhost [127.0.0.1])
	by zippy.cdrom.com (8.9.3/8.9.3) with ESMTP id LAA93431;
	Tue, 8 Feb 2000 11:51:23 -0800 (PST)
	(envelope-from jkh@zippy.cdrom.com)
To: Luoqi Chen <luoqi@watermarkgroup.com>
Cc: hackers@FreeBSD.ORG
Subject: Re: Yahoo under attack 
In-reply-to: Your message of "Tue, 08 Feb 2000 12:46:55 EST."
             <200002081746.MAA17550@lor.watermarkgroup.com> 
Date: Tue, 08 Feb 2000 11:51:23 -0800
Message-ID: <93428.950039483@zippy.cdrom.com>
From: "Jordan K. Hubbard" <jkh@zippy.cdrom.com>
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

> Just saw it in the news,
>     http://abcnews.go.com/sections/tech/DailyNews/yahoo000207.html
> Does anyone know the detail?

I just exchanged email with David Filo this morning about this and it
appears to have been a DoS attack using the usual array of
stream/synflood tools.  It also primarily hit the routers and FreeBSD
3.4 was largely unaffected (2.2 had some problems, but they were
already in the process of upgrading those machines).  There is some
additional hardening work we can do here as a result of what was
learned during the attack, however, and you should be seeing the
relevant commits going into 4.0 shortly.

- Jordan


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message