From owner-freebsd-hackers  Sat May  3 02:10:09 1997
Return-Path: <owner-hackers>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.5/8.8.5) id CAA20167
          for hackers-outgoing; Sat, 3 May 1997 02:10:09 -0700 (PDT)
Received: from obiwan.psinet.net.au (obiwan.psinet.net.au [203.19.28.59])
          by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id CAA20162
          for <hackers@FreeBSD.ORG>; Sat, 3 May 1997 02:10:04 -0700 (PDT)
Received: from localhost (adrian@localhost)
	by obiwan.psinet.net.au (8.8.5/8.8.5) with SMTP id QAA09442;
	Sat, 3 May 1997 16:54:24 +0800 (WST)
Date: Sat, 3 May 1997 16:54:24 +0800 (WST)
From: Adrian Chadd <adrian@obiwan.psinet.net.au>
To: "Daniel O'Callaghan" <danny@panda.hilink.com.au>
cc: "Jeffrey J. Mountin" <sysop@mixcom.com>, hackers@FreeBSD.ORG
Subject: Re: SPAM target
In-Reply-To: <Pine.BSF.3.91.970503182121.4479N-100000@panda.hilink.com.au>
Message-ID: <Pine.BSF.3.95q.970503165208.9426B-100000@obiwan.psinet.net.au>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-hackers@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk


> A T1 line is capable of 192kbytes/sec, so 192 collaborators would be able 
> to saturate a T1 line with essentially zero cost to themselves.  Because 
> of the spoofed src addresses, the cost of receiving the RST packets is 
> spread throughout the entire Internet.
> 

Try making the src IP 127.0.0.1 .. I don't know how many people firewall
packets at their routers with a source IP of that (which reminds me, I
have to *grin*)

> Now, who's going to write this program?

I will.

Oh wait a tick, I already have written it .. *ducks*

Problem is Linux DOES have some interesting (development) anti-DoS code 
(someone have a look at the 2.0.30 kernel, or the ISS patches to 2.0.29).

I haven't tested it personally but some people say it works reasonably
well for something under development (in a 2.0 kernel series? *stable*
kernels? *giggle*)

Adrian.