From owner-freebsd-security Sat Jan 22 1: 9:10 2000
Delivered-To: freebsd-security@freebsd.org
Received: from gatekeeper.tsc.tdk.com (gatekeeper.tsc.tdk.com [207.113.159.21])
    by hub.freebsd.org (Postfix) with ESMTP id F0FAA14C23
    for ; Sat, 22 Jan 2000 01:09:07 -0800 (PST)
    (envelope-from gdonl@tsc.tdk.com)
Received: from imap.gv.tsc.tdk.com (imap.gv.tsc.tdk.com [192.168.241.198])
    by gatekeeper.tsc.tdk.com (8.8.8/8.8.8) with ESMTP id BAA19774;
    Sat, 22 Jan 2000 01:08:52 -0800 (PST)
    (envelope-from gdonl@tsc.tdk.com)
Received: from salsa.gv.tsc.tdk.com (salsa.gv.tsc.tdk.com [192.168.241.194])
    by imap.gv.tsc.tdk.com (8.9.3/8.9.3) with ESMTP id BAA53978;
    Sat, 22 Jan 2000 01:08:51 -0800 (PST)
    (envelope-from Don.Lewis@tsc.tdk.com)
Received: (from gdonl@localhost)
    by salsa.gv.tsc.tdk.com (8.8.5/8.8.5) id BAA16378;
    Sat, 22 Jan 2000 01:08:51 -0800 (PST)
Message-Id: <200001220908.BAA16378@salsa.gv.tsc.tdk.com>
From: gdonl@tsc.tdk.com (Don Lewis)
Date: Sat, 22 Jan 2000 01:08:51 -0800
In-Reply-To: "Dan Seafeldt, AZ.COM System Administrator"
    "attack arbitration server" (Jan 22, 12:24am)
X-Mailer: Mail User's Shell (7.2.6 beta(5) 10/07/98)
To: "Dan Seafeldt, AZ.COM System Administrator" , security@FreeBSD.ORG
Subject: Re: attack arbitration server
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Jan 22, 12:24am, "Dan Seafeldt, AZ.COM System Administrator" wrote:
} Subject: attack arbitration server
}
}
} Another idea... An option to send a special message upon attack to a
} central server at CDROM or other appropriate third party. Networks could
} 'elect' to be a part of an automatic notification service whereby a
} special block and note was made in the OS to alert of contacts from
} semi-blacklisted addresses. Other nearby intranet based machines could be
} quickly notified as well. In addition, the FreeBSD Host or firewall being
} notified could, upon sysadmin election, determine a level of 'throttle
} back' or complete filtration from this IP block should contact be made.

What are you going to block if the source addresses in the attack packets
are forged?  The attacker can easily insert the addresses of *.cdrom.com
and *.root-servers.net, which will cause you to automagically block
access to important servers in the Internet.  That's a pretty nifty DoS.
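
Added example, not part of the original message or of any FreeBSD code: a sketch of the failure mode raised in the reply, comparing a blocklist built straight from reported source addresses with one that holds back protected networks and unconfirmed sources. The addresses, the PROTECTED list, the report format and the rule that a completed TCP handshake counts as confirmation of the source are all assumptions made for illustration.

```python
import ipaddress
from collections import Counter

# Constructed: networks we must never auto-block (stand-ins for the
# *.cdrom.com and *.root-servers.net servers named in the reply).
PROTECTED = [ipaddress.ip_network(n) for n in ("198.51.100.0/24", "203.0.113.53/32")]

# Constructed reports: (claimed source address, handshake_completed).
# False means nothing proved the sender could receive replies at that
# address, so the address may be forged.
REPORTS = [
    ("192.0.2.10", True), ("192.0.2.10", True), ("192.0.2.10", True),
    ("198.51.100.7", False),   # forged, names a protected server
    ("203.0.113.53", False),   # forged, names a protected server
    ("203.0.113.53", True),    # confirmed, but still a protected host
    ("192.0.2.77", False),     # unprotected, unconfirmed
]

def naive_blocklist(reports):
    """Block every address that appears in a report, as the proposal implies."""
    return {src for src, _ in reports}

def guarded_blocklist(reports, protected=PROTECTED, min_confirmed=3):
    """Return (block, held): addresses to auto-block, and those withheld with a reason."""
    confirmed = Counter(src for src, ok in reports if ok)
    block, held = set(), {}
    for src in sorted({s for s, _ in reports}):
        addr = ipaddress.ip_address(src)
        if any(addr in net for net in protected):
            held[src] = "protected network, needs operator review"
        elif confirmed[src] < min_confirmed:
            held[src] = "source address unconfirmed, may be forged"
        else:
            block.add(src)
    return block, held

if __name__ == "__main__":
    print("naive  :", sorted(naive_blocklist(REPORTS)))
    block, held = guarded_blocklist(REPORTS)
    print("guarded:", sorted(block))
    for src, why in held.items():
        print("held   :", src, "-", why)
```

The naive list contains both protected servers after three forged reports; the guarded list blocks only the source that was confirmed three times.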