Re: New Denial of Service Attack on Panix\

[Avi Freedman <freedman () netaxs com>]

> The draft BCP that people are working on is OK.
>
> However,  much of what I have seen today in my lab, might
> be better off discussed in private... I'll say, as most
> of you know, SR filtering is useful, but it cannot
> stop the attacks. 
>
> Kernel Protection and Recovery Tools are Critical
> and Needed in a Hurry.
>
> Right now, I could use a 'simple command line flush
> the queue, close all sockets, release all descriptors'
> tool.

Comment out the line in /etc/inetd.conf; kill -1 the inetd proc;
stop any processes listing on those ports; comment it back in; 
kill -1 inetd again.  If you want to command-line it, move a file with 
the commented line in and out of /etc/inetd.conf's place.

When there's nothing listening on those ports all the sockets, descriptors,
queues, pcbs, etc... go away.

Is this not what you were thinking of?

> If anyone has such a critter, it is one more brick
> in the wall.
>
> Please let me know. via e-mail, thanks.
>
> Regards,
>
> Tim

Avi

- - - - - - - - - - - - - - - - -