[4944] in North American Network Operators' Group
Re: New Denial of Service Attack on Panix
daemon@ATHENA.MIT.EDU (Avi Freedman)
Thu Oct 3 02:49:45 1996
From: Avi Freedman <freedman@netaxs.com>
To: bass@cactus.silkroad.com (Tim Bass)
Date: Thu, 3 Oct 1996 02:46:37 -0400 (EDT)
Cc: nanog@merit.edu, iepg@iepg.org
In-Reply-To: <199610030453.AAA00268@cactus.silkroad.com> from "Tim Bass" at Oct 3, 96 00:53:59 am

> The draft BCP that people are working on is OK.
>
> However, much of what I have seen today in my lab, might
> be better off discussed in private... I'll say, as most
> of you know, SR filtering is useful, but it cannot
> stop the attacks.
>
> Kernel Protection and Recovery Tools are Critical
> and Needed in a Hurry.
>
> Right now, I could use a 'simple command line flush
> the queue, close all sockets, release all descriptors'
> tool.

Comment out the line in /etc/inetd.conf; kill -1 the inetd proc;
stop any processes listening on those ports; comment it back in;
kill -1 inetd again. If you want to command-line it, move a file with
the commented line in and out of /etc/inetd.conf's place.

When there's nothing listening on those ports, all the sockets, descriptors,
queues, pcbs, etc... go away.

Is this not what you were thinking of?

> If anyone has such a critter, it is one more brick
> in the wall.
>
> Please let me know. via e-mail, thanks.
>
> Regards,
>
> Tim
Avi
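
The inetd procedure described in the reply above, as an added shell example that is not part of the original message. The function names, the `#flush#` marker, the pid-file path and the use of `fuser` (psmisc) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: take one inetd service out of service, let its sockets
# drain, and put it back. Paths below are assumptions; adjust per system.
INETD_CONF="${INETD_CONF:-/etc/inetd.conf}"
INETD_PID="${INETD_PID:-/var/run/inetd.pid}"

# Rewrite $2 through the awk program $3 with s=$1, keeping the file's
# inode and permissions (cat into place rather than mv).
_inetd_rewrite() {
    tmp=$(mktemp) || return 1
    awk -v s="$1" "$3" "$2" > "$tmp" && cat "$tmp" > "$2"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Comment out active lines for the service, tagged with a marker so that
# lines an admin had already commented out are never re-enabled later.
inetd_disable() {
    _inetd_rewrite "$1" "${2:-$INETD_CONF}" \
        '$1 == s { print "#flush# " $0; next } { print }'
}

# Restore only the lines that inetd_disable tagged ("#flush# " is 8 chars).
inetd_enable() {
    _inetd_rewrite "$1" "${2:-$INETD_CONF}" \
        '$1 == "#flush#" && $2 == s { print substr($0, 9); next } { print }'
}

# kill -1 (SIGHUP) makes inetd re-read its configuration.
inetd_hup() {
    kill -HUP "$(cat "$INETD_PID")"
}

# Full cycle for one service name, e.g.: flush_service smtp
flush_service() {
    inetd_disable "$1" && inetd_hup || return 1
    sleep 1                                   # let inetd close its listener
    # Stop anything still holding the port (fuser from psmisc, assumed present).
    fuser -k -n tcp "$1" 2>/dev/null || true
    inetd_enable "$1" && inetd_hup
}
```

Only `flush_service` touches running processes and needs root; `inetd_disable` and `inetd_enable` can be tried against a copy of the file by passing its path as the second argument.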