[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

denial of service attack



Hello,
This is my first attempt at contacting "Bug Support" Let me just say
that we are impressed with  the product. I especially love the features
in version 3.5.
Anyway, I could be doing this wrong. Please let me know if I am. 
We have used OpenBSD since 2.7 and have loved it. We currently have
3.4. 3.4 did not have the ARP patch on the box. We did not install the
patch because 3.5 was around the corner.  
We recently had an ARP DOS attack on our 3.4 version. We had to restart
pf every five minutes to make the box work. We thought that by upgrading
to 3.5, we would not have to worry about the ARP patch on 3.4.
We placed a new box running 3.5 at the head of the network.  We were
still seeing large amounts of ARP broadcasts. These broadcasts were
coming from the 3.5 box. We knew that it was a machine on the local
network that was causing the problem. We traced it out and found the
machine. It was sending large amount of ARP requests to the 3.5 BSD box.
There were so many broadcasts that it was affecting other parts of the
network. 
Since 3.4 had this error which required a patch and a kernal rebuild I
assumed that the problem was still occurring in 3.5. Is this the case?
Please let me know so that I can take appropriate steps if it not the
case.
Also, if you need any network traces, let me know.

Thanks,





Aaron Leach
Network Analyst
Provo City
Provo, Utah
(801) 852-6955

[demime 0.98d removed an attachment of type application/octet-stream which had a name of Aaron Leach.28734DEFANGED-vcf]