From owner-freebsd-security  Wed Jun 21 21:27:44 2000
Delivered-To: freebsd-security@freebsd.org
Received: from tts.tomsk.su (tts.tomsk.su [212.20.50.9])
	by hub.freebsd.org (Postfix) with ESMTP id 315E537B5B2
	for <freebsd-security@freebsd.org>; Wed, 21 Jun 2000 21:27:32 -0700 (PDT)
	(envelope-from maksim@tts.tomsk.su)
Received: from dragonland (unverified [212.20.50.12]) by tts.tomsk.su
 (Rockliffe SMTPRA 2.1.6) with SMTP id <B0000232898@tts.tomsk.su> for <freebsd-security@FreeBSD.ORG>;
 Thu, 22 Jun 2000 12:27:24 +0800
From: "Maksimov Maksim" <maksim@tts.tomsk.su>
To: <freebsd-security@FreeBSD.ORG>
Subject: How defend from stream2.c attack?
Date: Thu, 22 Jun 2000 12:27:30 +0800
Message-ID: <001e01bfdc02$2ec3ea60$0c3214d4@dragonland.tts.tomsk.su>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="koi8-r"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook 8.5, Build 4.71.2173.0
X-MimeOLE: Produced By Microsoft MimeOLE V4.72.3612.1700
Importance: Normal
Disposition-Notification-To: "Maksimov Maksim" <maksim@tts.tomsk.su>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

I am insert in my kernel config file this strings:

options         ICMP_BANDLIM
options         TCP_DROP_SYNFIN         #drop TCP packets with SYN+FIN
options         TCP_RESTRICT_RST        #restrict emission of TCP RST

and insert in my rc.conf config file this strings:

tcp_keepalive="YES"             # Enable stale TCP connection timeout (or
NO).
tcp_drop_synfin="YES"           # Set to YES to drop TCP packets with
SYN+FIN
                                           # NOTE: this violates the TCP
specification
tcp_restrict_rst="YES"          # Set to YES to restrict emission of RST
icmp_drop_redirect="YES"        # Set to YES to ignore ICMP REDIRECT packets
icmp_log_redirect="NO"          # Set to YES to log ICMP REDIRECT packets
icmp_bmcastecho="NO"            # respond to broadcast ping packets

and recompile my kernel, and reboot my computer,
and set net.inet.icmp.icmplim down to 20,
and add rules to my firewall (I use IPFilter 3.4.6):
block in quick on ed0 from any to 255.255.255.255
block in quick on ed0 from any to my.local.subnet.255

BUT stream2.c attack freezed my FreeBSD 4.0-20000608-STABLE as before!!!

Best regards,
Maks Maksimov                           mailto:maksim@tts.tomsk.su



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message