[16079] in bugtraq
new variation on synflood? NOT
daemon@ATHENA.MIT.EDU (John Comeau)
Fri Aug 4 11:41:54 2000
Message-Id: <398AADE5.B99A8CE2@dialtoneinternet.net>
Date: Fri, 4 Aug 2000 07:49:57 -0400
Reply-To: jcomeau@dialtoneinternet.net
From: John Comeau <jcomeau@DIALTONEINTERNET.NET>
To: BUGTRAQ@SECURITYFOCUS.COM

Thanks very much to everyone for the many undeserved thoughtful replies after
my careless post. What we were seeing was simply very large-scale synfloods
(DS3 or greater both times I was involved). The 'garbage' to which I alluded
was simply an artifact of tcpdump on the libpcap version of tcpdump. The
command used was:

    tcpdump -s 1000 -x -n

Of course, 2000 will show 2000 bytes; the larger you make it, the more it will
show you! This will NOT happen with the older tcpdump.

Apparently I'm in good company; several others have been bitten by the same
bug recently. I guess it's a good thing it got aired publicly, even if I have
to wear the dunce cap for a few days.

--
John Comeau - Chief Technology Officer
Dialtone Internet - Extremely Fast Web Systems
954-581-0097 fax://954-581-7629
jcomeau@dialtoneinternet.net
http://www.dialtoneinternet.net
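
Added example, not part of the original post and not tcpdump's own code: a triage check for the situation described above, where a hex dump taken with a large -s value shows more bytes than the packet contains. It splits the dumped bytes at the IPv4 total-length field and reports whether the packet is a bare SYN. It assumes the dump starts at the IPv4 header, as -x output does; the sample dump, addresses and function names are constructed for illustration.

```python
import re
import struct

# Constructed sample in the style of `tcpdump -x` output: one 40-byte SYN
# (documentation addresses) followed by 24 bytes that are not part of it.
SAMPLE_DUMP = """\
    4500 0028 1234 0000 4006 0000 c000 0201
    c633 6407 0400 0050 0000 0001 0000 0000
    5002 2000 0000 0000 dead beef dead beef
    dead beef dead beef dead beef dead beef
"""

def dump_to_bytes(text):
    """Turn the hex columns of a -x dump into bytes (offset prefixes dropped)."""
    groups = []
    for line in text.splitlines():
        line = re.sub(r"^\s*0x[0-9a-fA-F]+:", "", line)  # newer "0x0010:" style
        groups.extend(re.findall(r"\b(?:[0-9a-fA-F]{2}){1,2}\b", line))
    return bytes.fromhex("".join(groups))

def split_datagram(raw):
    """Split dumped bytes at the IPv4 total-length field; return (packet, info)."""
    if len(raw) < 20 or raw[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    ihl = (raw[0] & 0x0F) * 4
    total_len, = struct.unpack("!H", raw[2:4])
    if ihl < 20 or total_len < ihl:
        raise ValueError("inconsistent IPv4 length fields")
    info = {
        "total_len": total_len,                      # what the header claims
        "dumped": len(raw),                          # what the dump printed
        "trailing": max(0, len(raw) - total_len),    # bytes past the datagram
        "truncated": len(raw) < total_len,           # snaplen cut it short
        "bare_syn": False,
    }
    # TCP flags sit at offset 13 of the TCP header: SYN set, ACK clear.
    if raw[9] == 6 and len(raw) >= ihl + 14:
        flags = raw[ihl + 13]
        info["bare_syn"] = bool(flags & 0x02) and not flags & 0x10
    return raw[:total_len], info

if __name__ == "__main__":
    packet, info = split_datagram(dump_to_bytes(SAMPLE_DUMP))
    print(info)
    print("datagram:", packet.hex())
```

Anything counted under "trailing" lies outside the IP datagram and should be ignored when reading the dump.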