From owner-freebsd-security Sun May 23 16: 5:33 1999
Delivered-To: freebsd-security@freebsd.org
Received: from iglou.com (iglou2.iglou.com [192.107.41.8]) by hub.freebsd.org (Postfix) with ESMTP id B699814DA9 for ; Sun, 23 May 1999 16:05:30 -0700 (PDT) (envelope-from bertke@iglou.com)
Received: from [204.255.239.37] (helo=gameho) by iglou.com with smtp (8.9.1/8.9.1) id 10lhJ9-0005wG-00; Sun, 23 May 1999 19:05:27 -0400
Message-ID: <009401bea570$09546a80$5f64a8c0@crackhouse.com>
From: "Bert Kellerman"
To: "Matthew Dillon"
Cc:
References: <4.2.0.37.19990522105949.0465d4a0@localhost> <199905221714.KAA74179@apollo.backplane.com>
Subject: Re: Denial of service attack from "imagelock.com"
Date: Sun, 23 May 1999 19:00:21 -0400
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.00.2314.1300
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2314.1300
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

You need UDP connectivity to perform a successful traceroute from a UNIX
client... not TCP. The port number it uses is invalid (like 33,000 I
*believe*) but of course it doesn't matter, as all it does is increment the
TTL and record the router that sends it back an ICMP 'TTL expired in
transit'. Now M$ on the other hand decided to use ICMP echo requests for
traceroute on their OSes, and of course a lot of nets block ICMP.

So either way, my point is that an HTTP connection doesn't necessarily mean
you can traceroute to it. I see now you might have been saying that because
of an IP address existing you can traceroute, but just wanted to clarify :)

Thanks
Bert

> If they are actually making TCP connections, then their IP address is
> likely to be valid. This means you should be able to traceroute the
> IP address to see what the last hop network is. You can then complain
> to that network - I'd call up their NOC.
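
Added example, not part of the original message: a small Python model of the point made above, that a path can carry an HTTP connection while UDP-based and ICMP-echo-based traceroutes both stall at a filtering hop. The hop names, the two sample paths and the filter fields are constructed for illustration; the model assumes each hop filters a probe on arrival, before TTL handling, and that ICMP replies on the return path are not filtered.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    proto: str       # "udp", "icmp" or "tcp"
    dport: int = 0   # destination port; 0 for ICMP, which has none

UNIX_PROBE = Packet("udp", 33434)  # UDP probe to traceroute's default base port
WINDOWS_PROBE = Packet("icmp")     # ICMP echo request, as sent by Windows tracert
HTTP_SYN = Packet("tcp", 80)       # the TCP connection a web server sees

@dataclass(frozen=True)
class Hop:
    name: str
    deny_protos: frozenset = frozenset()    # protocols dropped at this hop
    allow_only: Optional[frozenset] = None  # if set, only these (proto, dport) pass

def passes(hop, pkt):
    """Apply the hop's filter: an allow-list wins over the protocol deny-list."""
    if hop.allow_only is not None:
        return (pkt.proto, pkt.dport) in hop.allow_only
    return pkt.proto not in hop.deny_protos

def connects(path, pkt):
    """True if the packet is forwarded by every hop up to the destination."""
    return all(passes(hop, pkt) for hop in path)

def traceroute(path, probe):
    """One probe per TTL: the hop where the TTL runs out answers, else '*'."""
    rows = []
    for ttl in range(1, len(path) + 1):
        crossed = path[:ttl]  # hops the probe must reach before its TTL expires
        rows.append(crossed[-1].name if connects(crossed, probe) else "*")
    return rows

# Constructed sample paths; the last entry is the destination host.
ICMP_BLOCKED = [Hop("isp-gw"), Hop("transit"),
                Hop("border", deny_protos=frozenset({"icmp"})), Hop("www")]
WEB_ONLY = [Hop("isp-gw"), Hop("transit"),
            Hop("border", allow_only=frozenset({("tcp", 80)})), Hop("www")]

if __name__ == "__main__":
    for label, path in (("ICMP blocked", ICMP_BLOCKED), ("web only", WEB_ONLY)):
        print(label, "| HTTP reaches server:", connects(path, HTTP_SYN))
        print("  UNIX (UDP) traceroute:  ", traceroute(path, UNIX_PROBE))
        print("  Windows (ICMP) tracert: ", traceroute(path, WINDOWS_PROBE))
```
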