hi ya petre

lots of different kinds of floods...and DoS attacks... what kind of attack are you under ???
-- what shows up in tcpdump when monitoring all traffic on the wire ???
if you're an "amplifier" .. you have to turn off icmp broadcasts at your incoming cisco router/fw

to test if you are a smurf amplifier.. see the links at
http://www.Linux-Sec.net/harden/smurf.fix.txt

to test your DNS config....
http://www.Linux-Sec.net/Audit/audit_tools.gwif.html#DNS

to harden your dns servers... and spoof protecting etc ..
http://www.Linux-Sec.net/Harden/server.gwif.html#DNS

and lots of other stuff to harden too in addition to dns
http://www.Linux-Sec.net/Harden/

have fun
alvin

On Sun, 30 Dec 2001, Petre Daniel wrote:

> Hello Nate, it seems I can't get the link of the advisory. It's about some sort
> of amplifying flood, when an outsider makes spoofed queries to the bind daemon
> and another one, the victim is flooded along with me the attacked..
> Thx..