Message-ID: <37409C2D.E364AC6@mpinet.net>
Date: Mon, 17 May 1999 18:46:05 -0400
From: John
To: Doug White
Cc: matt, freebsd-questions@FreeBSD.ORG
Subject: Re: Freebsd2.2.8 syn problem.

That would not solve my problem. What I am going to do is block udp on every port except 53 and hope that synk4 uses a mix of udp and syn-ack. I think blocking udp will stop it. I hope it does; I'll know tomorrow. I really wish FreeBSD would make a patch for this problem. I have seen a patch on many security sites for 3.1. If any FreeBSD development team members can help me, feel free to email me back.

BTW: If you don't know what I'm talking about, it's the FreeBSD synk remote reboot "bug".

Thanks,
John (mtber@mpinet.net)

Doug White wrote:

> On Mon, 17 May 1999, matt wrote:
>
> > On Mon, 17 May 1999, Doug White wrote:
> >
> > : On Sun, 16 May 1999, John wrote:
> > :
> > : > When my machine receives an attack on a system port ex: 113 it reboots
> > : > after about 2 min.
> > :
> > : Well maybe, if you don't need POP running, that would help.
> >
> > Isn't 113 auth(identd) and pop3 would be 110....
>
> Dooh!
>
> Yeah, I've run into that. I just set up the rule
>
> reset tcp from any to any 113
>
> on the offended box and it shut up. :)
>
> Doug White
> Internet: dwhite@resnet.uoregon.edu | FreeBSD: The Power to Serve
> http://gladstone.uoregon.edu/~dwhite | www.freebsd.org