[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: VERY WEIRD ATTACK ??

To: "Jason L. Schwab" <skalir@uswest.net>
Subject: Re: ** VERY WEIRD ATTACK ?? **
From: Hugh Graham <hugh@openbsd.org>
Date: Wed, 2 Feb 2000 21:56:38 -0800
Cc: freebsd-security@freebsd.org, tech@openbsd.org,openbsd-tech@openbsd.org, ghandi@mindless.com, petef@databits.nrt,rojah@uswest.net, mvmfaust@hotmail.com, dig@tasam.com,kidlinux@phi.compinet.com
References: <3898F473.BEDCC5FD@uswest.net>

On Wed, Feb 02, 2000 at 08:22:27PM -0700, Jason L. Schwab wrote:
> My machine is running named 4.9.7 (OpenBSD 2.6 with custom kernel)
> 
> this has happened twice now.... 
> 
> Each time this happens, my box totally freaks out, doesn't lock up
> or die per say, but all network connections instantly die. cant even
> ping it till about 5-10 mins later and its back again just like normal.
> 
> 
> any ideas? Thanks!
> 
> 
<a log of named complaining about sendto returning ENOBUFS deleted>

It's only an educated guess, but I'll wager this is not named's
fault. Most likely your machine was under some generic DoS attack
which saturated your link. Named complained because it noticed it
couldn't send to the network as it went about its normal named
business. I'd expect to see other daemons complaining in such a
log though.

Check: ``netstat -ssp ip'' from  time to time, and see if it has
gone up in a burp after one of these loss of service episodes.

If you're pretty sure I'm wrong, the obvious check is to kill named
and see if the problem occurs again.

/Hugh

References:
- ** VERY WEIRD ATTACK ?? **
  - From: "Jason L. Schwab" <skalir@uswest.net>
- ** VERY WEIRD ATTACK ?? **
  - From: "Jason L. Schwab" <skalir@uswest.net>

Prev by Date: Elf shared library building (bsd.lib.mk)
Next by Date: Re: JFS
Prev by thread: ** VERY WEIRD ATTACK ?? **
Next by thread: Re: ** VERY WEIRD ATTACK ?? **
Index(es):
- Date
- Thread

Re: ** VERY WEIRD ATTACK ?? **

Re: VERY WEIRD ATTACK ??