From owner-freebsd-security Wed Dec 8 14: 3:39 1999 Delivered-To: freebsd-security@freebsd.org Received: from fledge.watson.org (fledge.watson.org [204.156.12.50]) by hub.freebsd.org (Postfix) with ESMTP id B79DE14CAF for ; Wed, 8 Dec 1999 14:03:35 -0800 (PST) (envelope-from robert@cyrus.watson.org) Received: from fledge.watson.org (robert@fledge.pr.watson.org [192.0.2.3]) by fledge.watson.org (8.9.3/8.9.3) with SMTP id RAA25069; Wed, 8 Dec 1999 17:02:41 -0500 (EST) (envelope-from robert@cyrus.watson.org) Date: Wed, 8 Dec 1999 17:02:41 -0500 (EST) From: Robert Watson X-Sender: robert@fledge.watson.org Reply-To: Robert Watson To: "Scott I. Remick" Cc: freebsd-security@freebsd.org Subject: Re: What kind of attack is this? In-Reply-To: <4.2.2.19991208162315.00b5f4e0@mail.computeralt.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org This morning there were two posts about distributed attack tools on bugtraq--does either of these sound like what you are experiencing? There's not much you can do about spoofed UDP attacks without significant involvement of providers along the path back to the attacker, but with distributed attack tools not using spoofing, it is feasible. Some people at TIS and I speculated about the possibility of such tools a couple of years ago, and decided that that would suck and sort of left it at that. It's somewhat (in a sick kind of way) gratifying to see that the idea works :-). Robert N M Watson robert@fledge.watson.org http://www.watson.org/~robert/ PGP key fingerprint: AF B5 5F FF A6 4A 79 37 ED 5F 55 E9 58 04 6A B1 TIS Labs at Network Associates, Safeport Network Services To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message