Current-Users archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: DoS attack against TCP services



	Hello.  The output from the sample netstat indicates that some process
on the machine from which this output was taken is opening up  a bunch of
connections to remote sites on port 53.  I think it would be interesting to
know if all of these connections are generated from the same process or
not.  I'm pretty sure you can get this behavior if a process fails to
close(2) a file descriptor after the connection has terminated.  I wonder
if there's some rogue process running on this machine that's been badly
coded to give itself away by engaging in this bad behavior.  Knowing
nothing else, I'd be concerned about a potential security  breech on this
machine.
-thanks
-Brian



Home | Main Index | Thread Index | Old Index