Re: DoS attack - advice needed

From: Chris Byrnes (chris@jeah.net)
Date: 03/22/01


Date: Thu, 22 Mar 2001 11:19:09 -0600 (CST)
From: Chris Byrnes <chris@jeah.net>
To: ostap <ostap@ukrpost.net>


> Thank you for your help,
> unfortunately i can't analyze it that deep,
> 'cos it was a one-time attack. i came there late in the
> evening, saw the problem, rebooted and everything was fine.
> so, no traffic snapshots unfortunately.
> looks like the guy issued one command, and the box went mad.
> i guess this wasn't that sophisticated,
> logs show traces of a usual portscanning software,
> it was run twice or so, and then the whole thing started.
> it seems like the guy wasn't very experienced and was just
> playing around with some soft, exploiting some general hack,
> and then went home.
> i know that 3.3release is quite old, and should be upgraded of course,
> but i never thought it could be broken in such an easy way, without
> effort, just using some standard tool.
> any ideas?

I run a few servers that are very high profile, and very susceptible to
DOS attacks, both on the local lan and on the internet.

I'd definitely upgrade to 4.2-STABLE (well, it's 4.3-BETA atm).

And, while we're on the subject, who needs ICMP? I haven't found a valid
use for it.

+ Chris Byrnes, chris@JEAH.net
 + JEAH Communications
  + 1-866-AWW-JEAH (Toll-Free)
