Date:      Mon, 24 Jan 2000 10:34:41 -0700
From:      Wes Peters <wes@softweyr.com>
To:        Don Lewis <Don.Lewis@tsc.tdk.com>
Cc:        Richard Steenbergen <ras@above.net>, Alfred Perlstein <bright@wintelcom.net>, freebsd-security@freebsd.org
Subject:   Re: stream.c
Message-ID:  <388C8D31.899AF4FC@softweyr.com>
References:  <20000123102829.C18349@above.net> <20000123083234.N26520@fw.wintelcom.net> <20000123112220.E18349@above.net> <200001240738.XAA21595@salsa.gv.tsc.tdk.com>

Don Lewis wrote:
> 
> On Jan 23, 11:22am, Richard Steenbergen wrote:
> }
> } The checksums are a pretty small amount of the CPU time burned. The RST
> } generation is by far the worst, the PCB hash lookups are 2nd after that.
> 
> Any idea why RST generation is so bad?

Because the stream program sends packets with multicast source addresses, so
the RSTs get returned to multicast addresses.  Worse yet, we don't have an
existing route for these bogus multicast addresses, so IP happily floods them
on all interfaces, making the attack a packet exploder.

Warner has a handle on this, why don't we wait for his SA and patch?

-- 
            "Where am I, and what am I doing in this handbasket?"

Wes Peters                                                         Softweyr LLC
wes@softweyr.com                                           http://softweyr.com/
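
The source-address check implied by the explanation above, as an added example that is not part of the original message and is not FreeBSD's code or the patch mentioned in it: before answering an unmatched TCP segment with an RST, refuse to reply when the source address is multicast. The function names, the verdict enum and the sample packets are hypothetical; the example also rejects the limited broadcast source 255.255.255.255, which goes beyond the multicast case described in the message.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* RST_DROP_INVALID covers truncated, non-IPv4 and non-TCP input. */
enum rst_verdict { RST_SEND, RST_DROP_BAD_SOURCE, RST_DROP_INVALID };

/* Decide whether a segment that matched no connection may be answered with an RST. */
enum rst_verdict rst_policy(const uint8_t *pkt, size_t len)
{
    if (len < 20 || (pkt[0] >> 4) != 4)
        return RST_DROP_INVALID;
    size_t ihl = (size_t)(pkt[0] & 0x0F) * 4;       /* IPv4 header length in bytes */
    if (ihl < 20 || len < ihl + 20 || pkt[9] != 6)  /* need a full TCP header, protocol 6 */
        return RST_DROP_INVALID;
    uint32_t src = ((uint32_t)pkt[12] << 24) | ((uint32_t)pkt[13] << 16) |
                   ((uint32_t)pkt[14] << 8) | (uint32_t)pkt[15];
    /* 224.0.0.0/4 is multicast; 255.255.255.255 is limited broadcast. */
    if ((src & 0xF0000000u) == 0xE0000000u || src == 0xFFFFFFFFu)
        return RST_DROP_BAD_SOURCE;                 /* an RST would go to a group address */
    return RST_SEND;
}

/* Constructed sample: minimal 20-byte IPv4 header followed by a 20-byte TCP header. */
void build_sample(uint8_t out[40], uint32_t src)
{
    memset(out, 0, 40);
    out[0] = 0x45;                                  /* version 4, IHL 5 */
    out[3] = 40;                                    /* total length */
    out[9] = 6;                                     /* protocol: TCP */
    out[12] = (uint8_t)(src >> 24); out[13] = (uint8_t)(src >> 16);
    out[14] = (uint8_t)(src >> 8);  out[15] = (uint8_t)src;
    out[16] = 192; out[17] = 0; out[18] = 2; out[19] = 1;  /* dst 192.0.2.1 (documentation range) */
    out[32] = 0x50; out[33] = 0x10;                 /* TCP data offset 5, ACK flag */
}

int main(void)
{
    uint8_t pkt[40];
    build_sample(pkt, 0xC6336407u);                 /* 198.51.100.7, unicast */
    printf("unicast source verdict:   %d\n", (int)rst_policy(pkt, sizeof pkt));
    build_sample(pkt, 0xE1020304u);                 /* 225.2.3.4, multicast */
    printf("multicast source verdict: %d\n", (int)rst_policy(pkt, sizeof pkt));
    return 0;
}
```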

