Date: Thu, 22 Jun 2000 12:27:30 +0800
From: "Maksimov Maksim" <maksim@tts.tomsk.su>
To: <freebsd-security@FreeBSD.ORG>
Subject: How defend from stream2.c attack?
Message-ID: <001e01bfdc02$2ec3ea60$0c3214d4@dragonland.tts.tomsk.su>

I inserted these lines into my kernel config file:

    options ICMP_BANDLIM
    options TCP_DROP_SYNFIN     #drop TCP packets with SYN+FIN
    options TCP_RESTRICT_RST    #restrict emission of TCP RST

and inserted these lines into my rc.conf config file:

    tcp_keepalive="YES"         # Enable stale TCP connection timeout (or NO).
    tcp_drop_synfin="YES"       # Set to YES to drop TCP packets with SYN+FIN
                                # NOTE: this violates the TCP specification
    tcp_restrict_rst="YES"      # Set to YES to restrict emission of RST
    icmp_drop_redirect="YES"    # Set to YES to ignore ICMP REDIRECT packets
    icmp_log_redirect="NO"      # Set to YES to log ICMP REDIRECT packets
    icmp_bmcastecho="NO"        # respond to broadcast ping packets

Then I recompiled my kernel, rebooted my computer, set
net.inet.icmp.icmplim down to 20, and added these rules to my firewall
(I use IPFilter 3.4.6):

    block in quick on ed0 from any to 255.255.255.255
    block in quick on ed0 from any to my.local.subnet.255

BUT the stream2.c attack froze my FreeBSD 4.0-20000608-STABLE as before!!!

Best regards,
Maks Maksimov
mailto:maksim@tts.tomsk.su