hi ya petra
lots of different kind of floods...and DoS attacks...
what kind of attack are oyu under ???
-- what shows up in tcpdump when monitoring all traffic
on the wire ???
if you're an "amplifier" .. you have to turn off icmp broadcasts
at your incoming cisco router/fw
to test if you are a smurf amplifier.. see the links at
http://www.Linux-Sec.net/harden/smurf.fix.txt
to test your DNS config....
http://www.Linux-Sec.net/Audit/audit_tools.gwif.html#DNS
to harden your dns servers... and spoof protecting etc ..
http://www.Linux-Sec.net/Harden/server.gwif.html#DNS
and lot of other stuff to harden too in addition to dns
http://www.Linux-Sec.net/Harden/
have fun
alvin
On Sun, 30 Dec 2001, Petre Daniel wrote:
> Hello Nate,it seems i cant get the link of the advisory.Its about some sort
> of amplyfing flood,when an ousider makes spoofed queries to the bind daemon
> and another one ,the victim is flooded along with me the attacked..
> Thx..
