From owner-freebsd-security  Fri Jan 21 22:49:46 2000
Delivered-To: freebsd-security@freebsd.org
Received: from tetron02.tetronsoftware.com (ftp.tetronsoftware.com [208.236.46.106])
	by hub.freebsd.org (Postfix) with ESMTP id C0DCB155A2
	for <freebsd-security@freebsd.org>; Fri, 21 Jan 2000 22:49:43 -0800 (PST)
	(envelope-from zeus@tetronsoftware.com)
Received: from tetron02.tetronsoftware.com (tetron02.tetronsoftware.com [208.236.46.106])
	by tetron02.tetronsoftware.com (8.9.3/8.9.3) with ESMTP id AAA05668;
	Sat, 22 Jan 2000 00:53:18 -0600 (CST)
	(envelope-from zeus@tetronsoftware.com)
Date: Sat, 22 Jan 2000 00:53:18 -0600 (CST)
From: Gene Harris <zeus@tetronsoftware.com>
To: Brett Glass <brett@lariat.org>
Cc: freebsd-security@freebsd.org
Subject: Re: Follow Up to NT DoS w/stream
In-Reply-To: <4.2.2.20000121234159.0198a100@localhost>
Message-ID: <Pine.BSF.4.10.10001220051000.5546-100000@tetron02.tetronsoftware.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

I will look at this with some network analysis hardware
Monday.  My son has a hockey tournament this week end, so
all the fun and games gives way to real life fun and games.
:-)

*==============================================*
*Gene Harris      http://www.tetronsoftware.com*
*FreeBSD Novice                                *
*All ORBS.org SMTP connections are denied!     *
*==============================================*

On Fri, 21 Jan 2000, Brett Glass wrote:

>  At 11:42 PM 1/21/2000 , Gene Harris wrote:
>  
>  >I then played around, using the FreeBSD box to launch an
>  >attack with the command ./stream 10.255.255.255 0 0 10000.
>  >Oh WOW!  The network came to a screaching halt.  An old
>  >laptop 100 MHz Pentium laptop stopped responding, and a much
>  >newer Windows 98 machine slowed noticably.  The collision
>  >light went from an occasional blink to pegged on the
>  >network hub. The NT machine took forever to read from the CD
>  >ROM on the Win98 machine.  The linux box stopped responding
>  >altogether.  No machine crashed.  I ran the attack for 30
>  >minutes.  As soon as the attack was terminated, all boxes
>  >returned to normal activity.
>  
>  Sounds like the RSTs were being amplified into an ICMP storm.
>  
>  --Brett
>  
>  



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message