Date: Sat, 22 Jan 2000 01:08:51 -0800 From: gdonl@tsc.tdk.com (Don Lewis) To: "Dan Seafeldt, AZ.COM System Administrator" <yankee@az.com>, security@FreeBSD.ORG Subject: Re: attack arbitration server Message-ID: <200001220908.BAA16378@salsa.gv.tsc.tdk.com> In-Reply-To: "Dan Seafeldt, AZ.COM System Administrator" <yankee@az.com> "attack arbitration server" (Jan 22, 12:24am)
next in thread | previous in thread | raw e-mail | index | archive | help
On Jan 22, 12:24am, "Dan Seafeldt, AZ.COM System Administrator" wrote: } Subject: attack arbitration server } } } Another idea... An option to send a special message upon attack to a } central server at CDROM or other appropriate third party. Networks could } 'elect' to be a part of an automatic notification service whereby a } special block and note was made in the OS to alert of contacts from } semi-blacklisted addresses. Other nearby intranet based machines could be } quickly notified as well. In addition, the FreeBSD Host or firewall being } notified could, upon sysadmin election, determine a level of 'throttle } back' or complete filtration from this IP block should contact be made. What are you going to block if the source addresses in the attack packets are forged? The attacker can easily insert the addresses of *.cdrom.com and *.root-servers.net, which will cause you to automagically block access to important servers in the Internet. That's a pretty nifty DoS. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200001220908.BAA16378>