Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

new variation on synflood? NOT

From: John Comeau <jcomeau () dialtoneinternet net>
Date: Fri, 4 Aug 2000 07:49:57 -0400
Thanks very much to everyone for the many undeserved thoughtful replies after
my careless post. What we were seeing was simply very large-scale synfloods
(DS3 or greater both times I was involved). The 'garbage' to which I alluded
was simply an artifact of tcpdump on the libpcap version of tcpdump. The
command used was:

tcpdump -s 1000 -x -n

Of course, 2000 will show 2000 bytes; the larger you make it, the more it will
show you! This will NOT happen with the older tcpdump.

Apparently I'm in good company, several others have been bitten by the same
bug recently. I guess it's a good thing it got aired publicly, even if I have
to wear the dunce cap for a few days.
--
John Comeau - Chief Technology Officer
Dialtone Internet - Extremely Fast Web Systems
954-581-0097  fax://954-581-7629
jcomeau () dialtoneinternet net
http://www.dialtoneinternet.net
Previous By Date Next
Previous By Thread Next

Current thread: