Subject: Re: telnetd core
To: Wolfgang S. Rupprecht <wolfgang+gnus20021230T142236@wsrcc.com>
From: Wojciech Puchar <wojtek@tensor.3miasto.net>
List: netbsd-users
Date: 01/04/2003 19:28:02
> > full tcpdump is started for this port.
> >
> > all i need is to wait for attacker or (or RAM/CPU error).
>
> Make sure you run it with '-s 1500' to get the full packets, and it
> wouldn't hurt to run it with '-w /tmp/telnet.tcpdump' so you can play
> back the data if you snag something interesting.
>
since 2 days i'm under attack again and have >2MB gzipped dumps but no
telnetd.core for now...

if telnetd.core will happen, with full traffic dump it will be possible to
check if it's machine problem or telnetd bug...