Date: Wed, 21 Jun 2000 17:24:29 -0700
From: Don Lewis <Don.Lewis@tsc.tdk.com>
To: "Maksimov Maksim" <maksim@tts.tomsk.su>, <freebsd-security@FreeBSD.ORG>
Subject: Re: How defend from stream2.c attack?
Message-ID: <200006220024.RAA05975@salsa.gv.tsc.tdk.com>
In-Reply-To: <000401bfdb64$3eae8320$0c3214d4@dragonland.tts.tomsk.su>
References: <000401bfdb64$3eae8320$0c3214d4@dragonland.tts.tomsk.su>

On Jun 21, 5:36pm, "Maksimov Maksim" wrote:
} Subject: How defend from stream2.c attack?
} How defend from stream2.c attack (flooding ACK-packets) on my FreeBSD box?
} I install FreeBSD 4.0-20000608-STABLE, but stream2.c attack freezed this
} FreeBSD box as before!

This version of FreeBSD should be fairly immune to the standard stream2.c
attack (even without ICMP_BANDLIM, which I would recommend using).  It
seems the biggest part of the problem was caused by the incoming packets
which had IP addresses in the multicast range.  We tweaked tcp_input()
so that these get ignored.

We didn't do anything about broadcast source addresses, so if you are
attacked by a variant of stream2 that uses these you could still have
problems.  I would recommend adding packet filter rules that block incoming
packets with IP broadcast addresses, both 255.255.255.255, and the
broadcast address(es) of your local network(s).


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
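
One way to build the filter rules recommended in the message above, as an added example that is not part of the original e-mail: the script computes the directed broadcast address of each local network and prints (does not install) rules that drop inbound packets using a broadcast address as their source. It assumes ipfw is the packet filter in use; the interface name `fxp0`, the function names and the networks are constructed placeholders.

```shell
#!/bin/sh
# Added example, not from the original message. Prints ipfw rules only;
# review the output before feeding it to a root shell.

# bcast_addr NET/PREFIX -> directed broadcast address of that network
bcast_addr() {
    net=${1%/*}; bits=${1#*/}
    old_ifs=$IFS; IFS=.
    set -- $net                      # split dotted quad into $1..$4
    IFS=$old_ifs
    ip=$(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
    host=$(( (1 << (32 - bits)) - 1 ))   # all-ones host part
    b=$(( ip | host ))
    echo "$(( (b >> 24) & 255 )).$(( (b >> 16) & 255 )).$(( (b >> 8) & 255 )).$(( b & 255 ))"
}

# emit_rules IFACE NET/PREFIX... -> one ipfw command per line on stdout
emit_rules() {
    ifc=$1; shift
    # Limited broadcast is never a valid source address.
    echo "ipfw add deny ip from 255.255.255.255 to any in via $ifc"
    for cidr in "$@"; do
        # /31 and /32 networks have no broadcast address; skip them so a
        # legitimate host address is not blocked by mistake.
        case ${cidr#*/} in 31|32) continue ;; esac
        echo "ipfw add deny ip from $(bcast_addr "$cidr") to any in via $ifc"
    done
}

# Constructed sample: two local networks behind interface fxp0.
emit_rules fxp0 192.0.2.0/24 198.51.100.64/26
```

These rules need to sit ahead of any rule that would otherwise accept the traffic, since ipfw acts on the first match.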