hmm, let me set you clear on that. This is not "new DOS", it's simply sinding lot's of udp packets to the victim. And they are destined to port 512 by default. So, to the original question: "Yes, that might be a new attack." Can you dump some packets and share? Best Regards, Yonatan Bokovza IT Security Consultant Xpert Systems > -----Original Message----- > From: Devdas Bhagat [mailto:devdas@worldgatein.net] > Sent: Thursday, July 26, 2001 16:31 > To: danielc@compman.co.uk; Daniel Crichton; firewalls@lists.gnac.net > Subject: Re: New UDP attack? > > > On Thu, 26 Jul 2001, Daniel Crichton spewed into the ether: > > Is there a new UDP to port 53 attack going on at the > moment? In the past > Probably yes. A DOS tool was announced today on Bugtraq. > Its not to port 53, any UDP service will do. Port 53 will be the most > common, nothing more than that. > > Chewed up a Linux machine of mine, required a hard reboot. <snip interesting mail> _______________________________________________ Firewalls mailing list Firewalls@lists.gnac.net http://lists.gnac.net/mailman/listinfo/firewalls