New Denial of Service Attack on Panix\

Avi Freedman freedman at netaxs.com
Thu Oct 3 06:46:37 UTC 1996


> The draft BCP that people are working on is OK.
> 
> However,  much of what I have seen today in my lab, might
> be better off discussed in private... I'll say, as most
> of you know, SR filtering is useful, but it cannot
> stop the attacks. 
> 
> Kernel Protection and Recovery Tools are Critical
> and Needed in a Hurry.
> 
> Right now, I could use a 'simple command line flush
> the queue, close all sockets, release all descriptors'
> tool.

Comment out the line in /etc/inetd.conf; kill -1 the inetd proc;
stop any processes listing on those ports; comment it back in; 
kill -1 inetd again.  If you want to command-line it, move a file with 
the commented line in and out of /etc/inetd.conf's place.

When there's nothing listening on those ports all the sockets, descriptors,
queues, pcbs, etc... go away.

Is this not what you were thinking of?

> If anyone has such a critter, it is one more brick
> in the wall.
> 
> Please let me know. via e-mail, thanks.
> 
> Regards,
> 
> Tim

Avi






More information about the NANOG mailing list