From owner-freebsd-security  Wed Jun 21 10: 2:49 2000
Delivered-To: freebsd-security@freebsd.org
Received: from ocis.ocis.net (ocis.ocis.net [209.52.173.1])
	by hub.freebsd.org (Postfix) with ESMTP id C4C4237C17F
	for <freebsd-security@FreeBSD.ORG>; Wed, 21 Jun 2000 10:02:44 -0700 (PDT)
	(envelope-from vdrifter@ocis.ocis.net)
Received: from localhost (vdrifter@localhost)
	by ocis.ocis.net (8.9.3/8.9.3) with ESMTP id KAA05832;
	Wed, 21 Jun 2000 10:02:35 -0700
Date: Wed, 21 Jun 2000 10:02:35 -0700 (PDT)
From: John F Cuzzola <vdrifter@ocis.ocis.net>
To: Mike Silbersack <silby@silby.com>
Cc: Maksimov Maksim <maksim@tts.tomsk.su>,
	freebsd-security@FreeBSD.ORG
Subject: Re: How defend from stream2.c attack?
In-Reply-To: <Pine.BSF.4.21.0006211113140.60705-100000@achilles.silby.com>
Message-ID: <Pine.LNX.4.21.0006210959020.5119-100000@ocis.ocis.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org


Hi There,
Thanks for the information. I use alot of FreeBSD servers as dedicated
firewalls and as such am very interested in this kind of information. I
have set net.inet.icmp.icmplim down to 20 (it was set at 200) as
recommended and was wondering what exactly does this variable do? Also do
you recommend compiling the kernel with the restrict RST option as well
and what are the implications of doing so? (ie: what does it break?)

Tanks Mike (& everyone who contributes to this listserv)




On Wed, 21 Jun 2000, Mike Silbersack wrote:

> 
> Is ICMP_BANDLIM enabled?  If so, crank net.inet.icmp.icmplim down to 20 or
> so, and you should be just as protected as if enabling the restrict RST
> option.
> 
> (And if it's not compiled in, do so!)
> 
> Mike "Silby" Silbersack
> 
> On Wed, 21 Jun 2000, Maksimov Maksim wrote:
> 
> > How defend from stream2.c attack (flooding ACK-packets) on my FreeBSD box?
> > I install FreeBSD 4.0-20000608-STABLE, but stream2.c attack freezed this
> > FreeBSD box as before!
> > Help!
> > 
> > Best regards,
> > Maks Maksimov                           mailto:maksim@tts.tomsk.su
> > 
> > 
> > 
> > 
> > 
> > 
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-security" in the body of the message
> > 
> 
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
> 



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message