Date: Fri, 23 Feb 1996 17:32:52 -0800 (PST) From: "az.com" <yankee@anna.az.com> To: freebsd-security@freebsd.org Subject: Re: Alert: UDP Port Denial-of-Service Attack (fwd) Message-ID: <Pine.BSF.3.91.960223172009.1975A-100000@anna.az.com> In-Reply-To: <9602231537.AA03433@halloran-eldar.lcs.mit.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
Regarding the udp denial-of-services attack issues and the discussions of disabling chargen, daytime, echo, etc. Do the similar entries in /etc/inetd.conf that use the same names but are listed as tcp services apply in any way to this as well? What adverse affects would there be to nukeing them all, both the udp and tcp services? While were at it... May I make a suggestion to anyone listening as well... (Cisco?, Wellfleet?, Livingston?) Routers and/or firewall specific devices should be (are they?) programmed with a choke option that looks for and allows a listing of top talkers via snmp in terms of ip address in a similar way one would use a network general to look at top talking macs on a lan. Also the router code should have a choke option to dial down allocated bandwidth to a particular ip address if it goes psycho. The idea here would be able to visually see at a glance a traffic count by ip out of a defined tolerance level. It would just be plain nice to see top ip talkers from out there period. I don't know what *your* experiencing out there, but the internet is getting increasingly nasty and we're going to all (isp's and government computers) need some really sophisticated tools shortly.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.91.960223172009.1975A-100000>