From owner-freebsd-current Mon May 20 21:53:36 1996
Return-Path: owner-current
Received: (from root@localhost) by freefall.freebsd.org (8.7.3/8.7.3) id VAA25623 for current-outgoing; Mon, 20 May 1996 21:53:36 -0700 (PDT)
Received: from apocalypse.superlink.net (root@apocalypse.superlink.net [205.246.27.150]) by freefall.freebsd.org (8.7.3/8.7.3) with ESMTP id VAA25610 for ; Mon, 20 May 1996 21:53:30 -0700 (PDT)
Received: (from marxx@localhost) by apocalypse.superlink.net (8.7.5/8.7.3) id VAA00721; Mon, 20 May 1996 21:02:49 -0400 (EDT)
Date: Mon, 20 May 1996 21:02:49 -0400 (EDT)
From: "Charles C. Figueiredo"
To: "Brett L. Hawn"
cc: current@FreeBSD.ORG
Subject: Re: freebsd + synfloods + ip spoofing
In-Reply-To:
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-current@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

Using DES as a random number generator would be excellent, but might not be quick enough. It was rather nicely discussed in an IP spoofing and TCP sequence prediction paper I read.

Being easy to syn flood + spoof has not much to do when it comes to FreeBSD vs. Linux, after 1.3.7x I believe a patch isn't even needed to spoof an IP packet. Let's face it, it would be somewhat silly to attempt to disallow IP packet spoofing, all you're doing is manually building an IP header, and sending it away. Traceroute and the such need to generate their own headers. Besides, unless your clueless losers and lame crackers gain root, they can't open raw sockets. Most spoofing/sequencing/hijacking attempts and experiments are from people with individual workstations, connected, not users on a server.

Practically all Unices are easy to syn flood + spoof on, ok, it only takes 8 requests to hose, but that's irrelevant. The problem doesn't lie in how quickly, it's that it occurs. The problem shouldn't be dealt with on the client side, but on the server side.

Regards,
Marxx

"I don't want to grow up, I'm a BSD kid.
There's so many toys in /usr/bin that I can play with!"
------------------------------------------------------------------------------
Charles C. Figueiredo          Marxx          marxx@superlink.net
------------------------------------------------------------------------------

On Mon, 20 May 1996, Brett L. Hawn wrote:

> While chatting with my fellow administrator we were discussing (yes, the age
> old argument) freebsd vs linux. One of the points he made was that even the
> latest releases of fbsd are easy to synflood & spoof. Now for us and OUR
> users this isn't a problem since we have filters on our cisco that disallow
> spoofing but let's face it, most ISPs are clueless. My roommate who keeps up
> with fbsd somewhat more than I do was just chatting with me about this fact
> and mentioned that someone is working on the socket code and I thought I'd
> mention this problem since it is (imho) a SERIOUS security problem for those
> who don't necessarily know better.
>
> On the same topic I had been doing some thinking about tcp sequencing and I
> was contemplating using a DES noise generator to produce pseudo-random
> numbers (this idea compliments of the folks on #unix) for the sequencing,
> any comments?
>
> Brett
>
>
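
The sequence-number idea discussed in this thread, as an added example that is not code from either poster or from FreeBSD: a fixed-step counter lets anyone who sees one initial sequence number (ISN) compute the next, while an ISN derived from a secret key and the connection 4-tuple does not. HMAC-SHA-256 stands in for the DES generator (an assumption, chosen because it is in the Python standard library); the class names, step size, key and addresses are constructed for the demonstration.

```python
import hashlib
import hmac
import os
import socket
import struct

MASK32 = 0xFFFFFFFF  # TCP sequence numbers are 32-bit and wrap


class CounterISN:
    """Predictable scheme: one global counter, fixed step per connection."""
    STEP = 64000  # constructed step size for the demo

    def __init__(self, start=0):
        self.counter = start & MASK32

    def next_isn(self, src, sport, dst, dport):
        self.counter = (self.counter + self.STEP) & MASK32
        return self.counter


class KeyedISN:
    """ISN = clock + PRF(secret, 4-tuple) mod 2^32 (keyed hash in place of DES)."""

    def __init__(self, secret=None, clock=lambda: 0):
        self.secret = secret or os.urandom(16)  # per-boot secret in practice
        self.clock = clock                      # monotonic tick source

    def next_isn(self, src, sport, dst, dport):
        four_tuple = (socket.inet_aton(src) + socket.inet_aton(dst)
                      + struct.pack("!HH", sport, dport))
        digest = hmac.new(self.secret, four_tuple, hashlib.sha256).digest()
        offset = struct.unpack("!I", digest[:4])[0]
        return (self.clock() + offset) & MASK32


def isn_is_guessable(gen, step=CounterISN.STEP):
    """A host sees the ISN on its own connection, then guesses the ISN the
    server hands to a different peer. True means the guess was exact."""
    seen = gen.next_isn("192.0.2.10", 40000, "198.51.100.1", 80)
    guess = (seen + step) & MASK32
    actual = gen.next_isn("192.0.2.77", 40001, "198.51.100.1", 80)
    return guess == actual


if __name__ == "__main__":
    print("counter ISN guessable:", isn_is_guessable(CounterISN(start=12345)))
    print("keyed ISN guessable:  ",
          isn_is_guessable(KeyedISN(secret=b"constructed-demo-key")))
```

The keyed generator hashes once per new connection rather than running a cipher per packet, which bears on the speed concern raised in the reply.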