Date: Sat, 7 Sep 1996 17:04:24 -0500 (CDT)
From: bugs@freebsd.netcom.com (Mark Hittinger)
To: freebsd-security@freebsd.org
Subject: re: Panix Attack: synflooding and source routing?
Message-ID: <199609072204.RAA16524@freebsd.netcom.com>

Netcom's IRC servers were attacked by a similar mechanism a couple of weeks ago - random source addresses on packets that touched telnet, smtp, auth, irc, and then back to telnet. A most effective attack.

We tracked it as far as we could and have more ideas about how to follow it back now. I'm jamming with a router buddy trying to get some code into the next cisco release - we can detect the condition at the router and log which interface we are getting the packets from. If the router can query its adjacent routers' "spray log" we'd be able to very quickly find the machine that the kiddies are running from (naturally it will belong to somebody else :-) ).

There may be a kernel fix for this but I'm leaning towards a router based fix at this time.

Regards,

Mark Hittinger
Netcom/Dallas
bugs@freebsd.netcom.com
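
The router-side idea in the message above, sketched as an added example (not code from the original post or from any Cisco release): each router counts inbound SYNs per interface, flags interfaces where nearly every source address is new, and a trace follows those flags from router to router. The `Router` class, the `spray_log()` format, the thresholds and the topology are all assumptions constructed for illustration.

```python
from collections import defaultdict

SYN_THRESHOLD = 100   # assumed: SYNs per window before an interface is suspect
UNIQUE_RATIO = 0.9    # assumed: fraction of SYNs carrying a never-repeated source

class Router:
    def __init__(self, neighbors):
        self.neighbors = neighbors        # interface -> adjacent router (None = edge port)
        self.syns = defaultdict(int)      # interface -> inbound SYN count
        self.sources = defaultdict(set)   # interface -> distinct source addresses

    def observe(self, iface, src_ip):
        """Record one inbound TCP SYN seen on iface."""
        self.syns[iface] += 1
        self.sources[iface].add(src_ip)

    def spray_log(self):
        """Interfaces whose SYNs look like a randomized-source flood."""
        return [i for i, n in self.syns.items()
                if n >= SYN_THRESHOLD and len(self.sources[i]) / n >= UNIQUE_RATIO]

def trace(routers, start):
    """Walk upstream through flagged interfaces; return (router, interface) hops."""
    path, current, seen = [], start, set()
    while current is not None and current not in seen:
        seen.add(current)                 # guard against loops in the adjacency map
        flagged = routers[current].spray_log()
        if not flagged:
            break                         # trail goes cold at this router
        iface = max(flagged, key=lambda i: routers[current].syns[i])
        path.append((current, iface))
        current = routers[current].neighbors.get(iface)
    return path

def build_sample():
    """Constructed topology and traffic: the flood enters at edge1/eth2."""
    routers = {
        "victim-gw": Router({"s0": "core"}),
        "core": Router({"s0": "edge1", "s1": "edge2", "s2": "victim-gw"}),
        "edge1": Router({"eth2": None, "s0": "core"}),
        "edge2": Router({"eth0": None, "s0": "core"}),
    }
    for n in range(500):                  # flood: every SYN has a different source
        for name, iface in (("edge1", "eth2"), ("core", "s0"), ("victim-gw", "s0")):
            routers[name].observe(iface, f"10.0.{n // 250}.{n % 250 + 1}")
    for n in range(40):                   # normal load: five clients reconnecting
        for name, iface in (("edge2", "eth0"), ("core", "s1"), ("victim-gw", "s0")):
            routers[name].observe(iface, f"192.0.2.{n % 5 + 1}")
    return routers
```

Calling `trace(build_sample(), "victim-gw")` ends at the edge port where the flood entered, which identifies the attached segment rather than the spoofed source addresses.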