Date: Tue, 21 Apr 1998 12:32:02 +0000
From: Niall Smart <rotel@indigo.ie>
To: "Alexander B. Povolotsky" <mt@folco.lms.ru>, freebsd-security@FreeBSD.ORG
Subject: Re: New DoS attack?
Message-ID: <199804211132.MAA00823@indigo.ie>
In-Reply-To: "Alexander B. Povolotsky" <mt@folco.lms.ru> "New DoS attack?" (Apr 21, 9:33am)

On Apr 21, 9:33am, "Alexander B. Povolotsky" wrote:
} Subject: New DoS attack?

> Strangely, I've posted this message TWICE, but still don't see it...

This is the first time I've seen it. Is the other address subscribed
to security@freebsd.org or freebsd-security@freebsd.org?

> During last months, I've experienced several STRANGE hangs. TCP stack worked
> OK, while nothing else did. I thought of poor hardware, instable snap,
> everything else.
>
> Several days ago, I've heard _rumor_ of DoS attack on BSD stack, based on TCP
> packet sent to or maybe from port 0. I've installed ipfw rule:
>
> drop log tcp from any 0 to any
>
> and today I've found two packets destined from 200.255.209.92 port 0 dropped.
> They were destined to port 143 (imap), while I'm 101% sure that no one from
> mi-rj52.montreal.com.br have any mail account on my box.

Could you (anyone?) dump all packets coming from/going to port 0 using
tcpdump and send me any logs? I'm not sure if this means you'll have
to turn off the ipfw rule, I don't know at what stage the packets get
filtered.

Niall

--
Niall Smart. PGP: finger njs3@motmot.doc.ic.ac.uk
FreeBSD: Turning PC's into Workstations: www.freebsd.org
Annoy your enemies and astonish your friends:
echo "#define if(x) if (!(x))" >> /usr/include/stdio.h
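
The check requested above (find TCP packets with source or destination port 0), as an added example that is not part of the original message or the thread. It parses raw IPv4 packets; the helper names, addresses and sample packets are constructed for illustration.

```python
import socket
import struct

def build_packet(src_ip, dst_ip, sport, dport, frag_off=0):
    """Build a minimal IPv4+TCP SYN (constructed test data, checksums left 0)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x02, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, frag_off, 64,
                     socket.IPPROTO_TCP, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return ip + tcp

def port_zero_tcp(packet):
    """Return (src, sport, dst, dport) for a TCP packet using port 0, else None."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None                      # too short, or not IPv4
    ihl = (packet[0] & 0x0F) * 4         # IP header length, options included
    if ihl < 20 or packet[9] != socket.IPPROTO_TCP:
        return None
    if struct.unpack("!H", packet[6:8])[0] & 0x1FFF:
        return None                      # later fragment: carries no TCP header
    if len(packet) < ihl + 4:
        return None                      # truncated before the port fields
    sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
    if sport != 0 and dport != 0:
        return None
    return (socket.inet_ntoa(packet[12:16]), sport,
            socket.inet_ntoa(packet[16:20]), dport)

def scan(packets):
    """Return the port-0 hits found in an iterable of raw IPv4 packets."""
    return [hit for hit in map(port_zero_tcp, packets) if hit]

# Constructed sample traffic (documentation address ranges, not real hosts).
SAMPLE = [
    build_packet("192.0.2.10", "198.51.100.5", 0, 143),      # from port 0 to imap
    build_packet("192.0.2.11", "198.51.100.5", 1025, 143),   # ordinary client
    build_packet("192.0.2.12", "198.51.100.5", 40000, 0),    # to port 0
    build_packet("192.0.2.13", "198.51.100.5", 0, 143, frag_off=0x0003),
]

if __name__ == "__main__":
    for src, sport, dst, dport in scan(SAMPLE):
        print(f"port-0 TCP packet: {src}:{sport} -> {dst}:{dport}")
```

With tcpdump, the same selection is the capture filter expression `tcp port 0`.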