Date: Sun, 20 Dec 1998 12:29:59 +0000 (GMT)
From: Alejandro Galindo Chairez AGALINDO <agalindo@servidor.exsocom.com.mx>
To: Karl Pielorz <kpielorz@tdx.co.uk>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: udp security
Message-ID: <Pine.BSF.3.96.981220122653.3122B-100000@servidor.exsocom.com.mx>
In-Reply-To: <Pine.BSF.4.05.9812201756350.26418-100000@caladan.tdx.co.uk>

On Sun, 20 Dec 1998, Karl Pielorz wrote:

>
> On Sun, 20 Dec 1998, Alejandro Galindo Chairez AGALINDO wrote:
>
> > Thanks Karl
> >
> > I was doing exactly like your suggestions, but in my mind the big problem
> > is I don't know how they access the servers, and how they did it across UDP.
> > When I reinstalled the operating system of course I closed all the back
> > doors installed by them, but this morning I have the next monitoring:
> >
> > ----------------- Click here -----------------
> > [stats deleted]
>
> They seem to be sending you a lot of DNS (port 53) traffic - are you sure
> your machine has been compromised again? - There are DoS (denial of
> service) attacks for older versions of Bind (the DNS system), but not many
> exploits...
>

Yes, but they are using other ports for attack, not only the domain port
53. I am sure the machine is clean now because I reinstalled the operating
system, and I only backed up the usernames and password, nothing else.

> As a temporary measure you could disable bind on your system, or if you
> recompile your kernel with bpfilters you can get a tcpdump of the actual
> traffic they're sending, e.g.
>
>   tcpdump host theirhostname.com
>
> This will show all traffic going to / from their host - and might give you
> an idea of what's going on...

Yes, right now I am monitoring with trafshow, and it uses tcpdump, but I
can only see with what protocol and port they are attacking.

Thanks for your help :)

Regards
Alejandro

>
> UDP traffic from port 53 to port 53 (DNS) is usually one name server
> talking to another for queries...
>
> Hope that helps anyway,
>
> Regards,
>
> Karl
>

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.96.981220122653.3122B-100000>