From owner-freebsd-security Fri Jan 21 15:48:46 2000 Delivered-To: freebsd-security@freebsd.org Received: from benge.graphics.cornell.edu (benge.graphics.cornell.edu [128.84.247.43]) by hub.freebsd.org (Postfix) with ESMTP id 4FB941591E for ; Fri, 21 Jan 2000 15:48:41 -0800 (PST) (envelope-from mkc@benge.graphics.cornell.edu) Received: from benge.graphics.cornell.edu (mkc@localhost) by benge.graphics.cornell.edu (8.9.3/8.9.3) with ESMTP id SAA06856; Fri, 21 Jan 2000 18:48:35 -0500 (EST) (envelope-from mkc@benge.graphics.cornell.edu) Message-Id: <200001212348.SAA06856@benge.graphics.cornell.edu> To: Brad Guillory Cc: freebsd-security@FreeBSD.ORG Subject: Re: Some observations on stream.c and streamnt.c In-Reply-To: Message from Brad Guillory of "Fri, 21 Jan 2000 17:17:59 CST." <20000121171759.D56672@baileylink.net> Date: Fri, 21 Jan 2000 18:48:35 -0500 From: Mitch Collinsworth Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org >> Note that a T3 is only 45 MBits. Attacks on BEST that only went through >> a single incoming T3 never had much of an effect, it was only those >> attacks that came over multiple T3's (generally ping-broadcast attacks) >> that we worried about. >> >I don't understand how a "script kiddie" is going to garner the bandwidth >to run an attack into the multi-megabit range. By rooting a handful of linux systems at various Universities that have T3 connections. Happens all the time, unfortunately. :-( Things have slowed down a bit lately but for a while we[1] were being port scanned almost daily from one corner of the net or another. Frequently the ultimate determination is the scan was coming from a hacked linux system. Classes start again next week. -Mitch [1] By 'we' I mean whole class B address ranges at a time. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message