icmp problem

Tom Nichols tomn at team.citx.net
Wed Mar 14 19:47:35 UTC 2001


Excuse me?  Are you a newbie to the net?  Check the logs in your routers. Also, check
www.sans.org

A very famous and common UDP spam is sent in a multitude of packets attempting to hit
UDP services such as chargen to flood your bandwidth and hog the network, creating
what is referred to as a Denial of Service.

For more information, search www.raging.com for D.O.S or denial of service.


To the point, if you have this service running, it will respond. Check security
information sites on how to secure publicly accessible servers.

So, a UDP spammer floods your DNS server with UDP packets...what does your DNS server
do? Responds or tries to respond back, thus creating a D.O.S due to traffic volume
that's not really DNS traffic.

If your DNS has memory leaks on top of that as well, a CRASH will occur sooner rather
than later.

Even if a spammer isn't doing this today, why leave it open to attack?

Joseph S D Yao wrote:

> On Wed, Mar 14, 2001 at 08:47:30AM -0500, Tom Nichols wrote:
> ...
> > We turn off almost all UDP services to prevent our systems from responding to UDP
> > floods. Works great.
> ...
>
> ;-)
>
> Well, we keep a couple of PDP-11/45's running UNIX 5th edition in the
> basement to prevent elephant stampedes.  This also works great.  We
> have had no elephant stampedes in the last 25 years.
>
> ;-)
>
> To the point - what makes you think that there would be any UDP floods
> if you did enable UDP on your name servers?  Have you tried and had
> problems?
>
> --
> Joe Yao                         jsdy at cospo.osis.gov - Joseph S. D. Yao
> COSPO/OSIS Computer Support                                     EMT-B
> -----------------------------------------------------------------------
> This message is not an official statement of COSPO policies.
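
An added example, not part of the original post: one way to check which UDP "small services" (such as the chargen service mentioned above) are still enabled on a host that uses an inetd.conf-style file. The set of service names flagged and the sample configuration are assumptions constructed for illustration; DNS itself is not covered, since a name server has to answer on UDP.

```shell
#!/bin/sh
# Added example: list UDP "small services" still enabled in an
# inetd.conf-style file. Field layout of each entry:
#   service  socket-type  protocol  wait/nowait  user  server-program [args]
# Entries that start with '#' are disabled.

# Assumption: the inetd built-in services we want to flag when offered on UDP.
SMALL_SERVICES="echo discard daytime chargen time"

audit_inetd_udp() {
    # $1 = path to the file; prints one enabled UDP small service per line.
    awk -v list="$SMALL_SERVICES" '
        BEGIN { n = split(list, a, " "); for (i = 1; i <= n; i++) small[a[i]] = 1 }
        /^[ \t]*#/ || NF < 6 { next }     # skip disabled or malformed entries
        $2 == "dgram" && $3 ~ /^udp/ && ($1 in small) { print $1 }
    ' "$1"
}

# Constructed sample configuration (not taken from a real host).
sample_conf() {
cat <<'EOF'
# constructed sample
ftp      stream  tcp   nowait  root  /usr/sbin/in.ftpd  in.ftpd
echo     dgram   udp   wait    root  internal
#discard dgram   udp   wait    root  internal
chargen  dgram   udp   wait    root  internal
chargen  stream  tcp   nowait  root  internal
daytime  dgram   udp6  wait    root  internal
EOF
}

# Stand-alone use: audit the file given as $1, or the sample if none is given.
conf=${1:-}
cleanup=
if [ -z "$conf" ]; then
    conf=$(mktemp)
    sample_conf > "$conf"
    cleanup=yes
fi
audit_inetd_udp "$conf"
if [ -n "$cleanup" ]; then
    rm -f "$conf"
fi
```

Each name printed is an entry to comment out before signalling inetd to reread its configuration; the TCP variants are deliberately not reported by this check.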

