Date: Mon, 17 May 1999 18:46:05 -0400 From: John <mtber@mpinet.net> To: Doug White <dwhite@resnet.uoregon.edu> Cc: matt <matt@Mlink.NET>, freebsd-questions@FreeBSD.ORG Subject: Re: Freebsd2.2.8 syn problem. Message-ID: <37409C2D.E364AC6@mpinet.net> References: <Pine.BSF.4.03.9905171500030.15052-100000@resnet.uoregon.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
That would not solve my problem. What I am going to do is block udp on every port exept 53 and hope that synk4 uses a mix of udp and syn-ack. I think blocking udp will stop it. I hope it does ill know tomoro. I really wish FreeBSD would make a patch for this problem. I have seen a patch on many security sites for 3.1. If any FreeBSD development team members can help me feel free to email me back. BTW: If you dont know what im talking about its the freebsd synk remote reboot "bug". Thanks, John (mtber@mpinet.net) Doug White wrote: > On Mon, 17 May 1999, matt wrote: > > > On Mon, 17 May 1999, Doug White wrote: > > > > : On Sun, 16 May 1999, John wrote: > > : > > : > When my machine recives an attack on a system port ex: 113 it reboots > > : > after about 2 min. > > : > > : Well maybe, if you don't need POP running, that would help. > > > > Isn't 113 auth(identd) and pop3 would be 110.... > > Dooh! > > Yeah, I've run into that. I just set up the rule > > reset tcp from any to any 113 > > on the offended box and it shut up. :) > > Doug White > Internet: dwhite@resnet.uoregon.edu | FreeBSD: The Power to Serve > http://gladstone.uoregon.edu/~dwhite | www.freebsd.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?37409C2D.E364AC6>