Date: Fri, 13 Apr 2001 09:04:51 -0600
From: mike <mike@coloradosurf.com>
To: freebsd-security@freebsd.org
Subject: a couple boxes getting hammered with ip frags
Message-ID: <20010413090451.A46082@coloradosurf.com>

Hi all,

Sorry for posting yet another item on ipfw -1 (especially to Crist), but...

I have two web production boxes that were hammered yesterday (from about 9:30 am to 12:30 pm) with (what I assumed to be) IP frags (a very long list of "/kernel: ipfw: -1 Refuse TCP e.f.g.h:54661 a.b.c.d:80 in via rl0"). They were coming from many different IPs. A brief search did not show any consistency in the IPs that were hitting the two machines.

I am therefore assuming (danger danger) that it was more likely a network issue that may have been causing the fragments and not some type of DoS or attempt to 'circumvent' the firewall. And, since I'm not so sure, I was hoping someone might be able to shed a little more light on this one.

Thanks!

mike