Date: Mon, 22 Oct 2001 14:15:49 -0500 (CDT)
From: Mike Silbersack <silby@silby.com>
To: Fernando Gont <fernando@gont.com.ar>
Cc: <freebsd-net@freebsd.org>
Subject: Re: SYN flood and IP spoofing
Message-ID: <20011022141035.H70111-100000@achilles.silby.com>
In-Reply-To: <4.3.2.7.2.20011021061340.00d8bc80@mail.sitanium.com>

On Sun, 21 Oct 2001, Fernando Gont wrote:

> >That's an old explanation; basically any OS released in the last few years
> >will throw old/random connections out of the queue when it fills up.
>
> Anyway, I wonder how the old implementations behaved, and why they behaved
> like that.

I don't think it's worth worrying about how old implementations behaved at
this point in time. They weren't designed for the hostile environment of
today's internet, and have long since been replaced by newer stacks with
better countermeasures. If you encounter an old system, it's probably
better to start upgrading it to a newer version of whatever OS it runs
than to analyze it.

> >(I'm assuming that's how Mitnick did it; I'm not aware that
> >he has revealed exactly how he did anything,
>
> He didn't do it. It was the owner of the attacked host that revealed it, in
> a post to comp.security.misc. Maybe I'll look for it some day.

In either case, it doesn't matter anymore. We're using strong sequence
numbers, and ip-based authentication has many better replacements now.

Mike "Silby" Silbersack

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message