[ale] Em

[Joe Steele]

I doubt there are any IP addresses in the hex data that was dumped to the 
log.  On the other hand, the SYN flood warnings in your log do give you 
source IP addresses.  Those will be the only source info that's available. 
 Unfortunately, if you were in fact subjected to a SYN attack, then the 
attacker would likely have used a phony source address anyway, making it 
difficult if not impossible to trace back.

I don't have much to suggest as far as a solution.  It's conceivable that 
it's not even an actual attack, but is caused by something else.  As I 
think I said before, SYN flooding may interfere with network traffic, but 
it shouldn't cause an oops message.  Possibly a tcpdump on the network 
interface would show something that confirms an attack.

You might try running your logs past the linux-net at vger.rutgers.edu mailing 
list.  (the list can be joined by sending e-mail to 
majordomo at vger.rutgers.edu with 'subscribe linux-net' in the body.)

--Joe

-----Original Message-----
 From:	jj at spiderentertainment.com [SMTP:jj at spiderentertainment.com]
Sent:	Friday, October 08, 1999 5:25 PM
To:	ale at ale.org
Subject:	Re: [ale] Em


In these HEX numbers, is there an IP address I can extract ?