Date: Sat, 8 Jul 2000 21:04:23 -0400 (EDT) From: Matt Heckaman <matt@ARPA.MAIL.NET> To: J & C Frazier <admin@csocs.com> Cc: freebsd-isp@freebsd.org Subject: Re: Namedb attacks Message-ID: <Pine.BSF.4.21.0007082059290.52428-100000@epsilon.lucida.qc.ca> In-Reply-To: <3967C586.DAEF4D37@csocs.com>
next in thread | previous in thread | raw e-mail | index | archive | help
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Sat, 8 Jul 2000, J & C Frazier wrote: ... : B class block. I've added the following to ipfw: : 12345 0 0 unreach host tcp from 211.72.0.0 to any : 12346 0 0 unreach host udp from 211.72.0.0 to any : : And as you can see it hasn't caught anything or blocked anything. I : had initially assumed it was a DoS on bind, as every 20 minutes or so : it will cause bind to reload it's zones. Bind is running in a sandbox : also. Use: ipfw add unreach host tcp from 211.72.0.0/16 to any It should fix your problem. : Then to make matters worse, a few strange things happened last night. : My cgi shopping cart lost all it's datafiles, along with a few other : strange happenings. ... : Jul 7 21:21:58 shell /kernel: pid 27004 (doscmd), uid 1013: exited on : signal 10 (core dumped) doscmd got unhappy and core dumped. Probably nothing to worry about. : Jul 8 04:52:37 shell ftpd[35348]: getpeername (./ftpd): Socket : operation on non-socket Weird. Could be an attempt at the new ftpd exploit, hope you're patched. : Jul 8 11:31:03 shell inetd[37173]: warning: can't get client address: : Connection reset by peer No big deal to worry about usually. Just a connection reset by peer. : Any insight or help would be greatly appreciated. I'm running : 3.4-STABLE on an ASUS board with dual PII 450's and 512mb RAM. : Cvsupped and built last on Sun May 14 14:05:57 MDT 2000. : : J.C. Frazier * Matt Heckaman - mailto:matt@lucida.qc.ca http://www.lucida.qc.ca/ * * GPG fingerprint - A9BC F3A8 278E 22F2 9BDA BFCF 74C3 2D31 C035 5390 * -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.1 (FreeBSD) Comment: http://www.lucida.qc.ca/pgp iD8DBQE5Z8+YdMMtMcA1U5ARAssnAKCSM2092wWjUQotVy4svIGgIfddSQCeM+PF 2jxxgsFb7lkfy4ifvrPYEO4= =WgxY -----END PGP SIGNATURE----- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0007082059290.52428-100000>