Re: New DoS attack?

From: Niall Smart <rotel@indigo.ie>
Date: 21 Apr 1998 04:34:47
Subject: Re: New DoS attack?
Message-ID: 199804211132.MAA00823@indigo.ie


On Apr 21,  9:33am, "Alexander B. Povolotsky" wrote:
} Subject: New DoS attack?
> Strangely, I've posted this message TWICE, but still don't see it...

This is the first time I've seen it. Is the other address subscribed
to security@freebsd.org or freebsd-security@freebsd.org?

> During last months, I've experienced several STRANGE hangs. TCP stack worked
> OK, while nothing else did. I thought of poor hardware, instable snap,
> everything else.
>
> Several days ago, I've heard _rumor_ of DoS attack on BSD stack, based on TCP
> packet sent to or maybe from port 0. I've installed ipfw rule:
>
> drop log tcp from any 0 to any
>
> and today I've found two packets destined from 200.255.209.92 port 0 dropped.
> They were destined to port 143 (imap), while I'm 101% sure that no one from
> mi-rj52.montreal.com.br have any mail account on my box.

Could you (anyone?) dump all packets coming from/going to port 0 using tcpdump
and send me any logs? I'm not sure if this means you'll have to turn off the
ipfw rule, I don't know at what stage the packets get filtered.

Niall

--
Niall Smart. PGP: finger njs3@motmot.doc.ic.ac.uk
FreeBSD: Turning PC's into Workstations: www.freebsd.org
Annoy your enemies and astonish your friends:
echo "#define if(x) if (!(x))" >> /usr/include/stdio.h

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message

