Thanks a lot.
Well, the thing is, after I've read that advisory, 2 days later my network
was flooded, like the traffic was very slow and nothing resolved anymore..
I noticed the strange thing that the main ns/mailserver (bind 9.1) had
difficulties resolving things around, even internally, so mail was kind of
blocked..
Thx for links..
It's Daniel..
At 06:12 AM 12/30/01 -0800, Alvin Oga wrote:
hi ya petra
lots of different kind of floods...and DoS attacks...
what kind of attack are you under ???
-- what shows up in tcpdump when monitoring all traffic
on the wire ???
if you're an "amplifier" .. you have to turn off icmp broadcasts
at your incoming cisco router/fw
to test if you are a smurf amplifier.. see the links at
http://www.Linux-Sec.net/harden/smurf.fix.txt
to test your DNS config....
http://www.Linux-Sec.net/Audit/audit_tools.gwif.html#DNS
to harden your dns servers... and spoof protecting etc ..
http://www.Linux-Sec.net/Harden/server.gwif.html#DNS
and lot of other stuff to harden too in addition to dns
http://www.Linux-Sec.net/Harden/
have fun
alvin
On Sun, 30 Dec 2001, Petre Daniel wrote:
> Hello Nate, it seems I can't get the link of the advisory. It's about some sort
> of amplifying flood, when an outsider makes spoofed queries to the bind daemon
> and another one, the victim, is flooded along with me, the attacked..
> Thx..
Petre L. Daniel,System Administrator
Canad Systems Pitesti Romania,
http://www.cyber.ro, email:[EMAIL PROTECTED]
Tel:+4048220044, +4048206200