[21956] in bugtraq
Re: UDP packet handling weird behaviour of various operating systems
daemon@ATHENA.MIT.EDU (Sean Hunter)
Sat Jul 28 21:46:55 2001
From: "Sean Hunter" <sean@uncarved.com>
Date: Sat, 28 Jul 2001 23:42:46 +0100
To: bugtraq@securityfocus.com
Message-ID: <20010728234246.A24408@uncarved.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20010727085615.A5086@uncarved.com>; from sean@uncarved.com on Fri, Jul 27, 2001 at 08:56:15AM +0100
Content-Transfer-Encoding: 8bit
Regular readers of this list may be amused to know that since this message hit
the list I have been subject to sustained attempts to attack my host using the
udp flood thingy (and other methods) from many different source addresses.
Before I got bored, I logged more than 500 unique source addresses in less than
an hour. I have also been subjected to several port scans, some of which forged
the addresses of some of the ICANN root nameservers as the source addresses of
their packets[1]. This attack has given me the perfect chance to test out my
firewall rules "in anger", and has shown that the udp rate limiter detailed in
my previous message works perfectly (although I have made some tweaks since the
original posting that have improved its performance further).

I'd like to thank those who helped me test my firewall for their interest, but
the box is still perfectly usable and I'd appreciate it if they could turn
their attentions elsewhere.

Thanks

Sean

[1] I don't use the ICANN root, so I don't contact the rsc root servers very
often as you might imagine.