From owner-freebsd-current Mon May 20 20:17:20 1996
Return-Path: owner-current
Received: (from root@localhost) by freefall.freebsd.org (8.7.3/8.7.3)
    id UAA16196 for current-outgoing; Mon, 20 May 1996 20:17:20 -0700 (PDT)
Received: from nol.net (root@dazed.nol.net [206.126.32.101])
    by freefall.freebsd.org (8.7.3/8.7.3) with ESMTP id UAA16172
    for ; Mon, 20 May 1996 20:17:17 -0700 (PDT)
Received: from dazed.nol.net (blh@dazed.nol.net [206.126.32.101])
    by nol.net (8.7.5/8.7.3) with SMTP id WAA01524
    for ; Mon, 20 May 1996 22:17:12 -0500 (CDT)
X-AUTH: NOLNET SENDMAIL AUTH
Date: Mon, 20 May 1996 22:17:11 -0500 (CDT)
From: "Brett L. Hawn"
To: current@freebsd.org
Subject: freebsd + synfloods + ip spoofing
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-current@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

While chatting with my fellow administrator we were discussing (yes, the
age-old argument) FreeBSD vs Linux. One of the points he made was that even
the latest releases of fbsd are easy to synflood & spoof. Now for us and OUR
users this isn't a problem since we have filters on our Cisco that disallow
spoofing, but let's face it, most ISPs are clueless. My roommate, who keeps up
with fbsd somewhat more than I do, was just chatting with me about this fact
and mentioned that someone is working on the socket code, and I thought I'd
mention this problem since it is (imho) a SERIOUS security problem for those
who don't necessarily know better.

On the same topic, I had been doing some thinking about TCP sequencing and I
was contemplating using a DES noise generator to produce pseudo-random numbers
(this idea compliments of the folks on #unix) for the sequencing, any
comments?

Brett