From owner-freebsd-net  Sun Dec 30  4:49:24 2001
Delivered-To: freebsd-net@freebsd.org
Received: from sj-msg-core-2.cisco.com (sj-msg-core-2.cisco.com [171.69.24.11])
	by hub.freebsd.org (Postfix) with ESMTP id 347C537B439
	for <net@FreeBSD.ORG>; Sun, 30 Dec 2001 04:49:06 -0800 (PST)
Received: from mira-sjc5-2.cisco.com (mira-sjc5-2.cisco.com [171.71.163.16])
	by sj-msg-core-2.cisco.com (8.11.3/8.9.1) with ESMTP id fBUCn5D17815;
	Sun, 30 Dec 2001 04:49:05 -0800 (PST)
Received: from stewart.chicago.il.us (ssh-sj1.cisco.com [171.68.225.134])
	by mira-sjc5-2.cisco.com (Mirapoint)
	with ESMTP id AAP91598;
	Sun, 30 Dec 2001 04:49:04 -0800 (PST)
Message-ID: <3C2F0D40.ADFE2B6F@stewart.chicago.il.us>
Date: Sun, 30 Dec 2001 06:49:05 -0600
From: Randall Stewart <randall@stewart.chicago.il.us>
X-Mailer: Mozilla 4.76 [en] (X11; U; Linux 2.2.12 i386)
X-Accept-Language: en
MIME-Version: 1.0
To: Mike Silbersack <silby@silby.com>
Cc: Bosko Milekic <bmilekic@technokratis.com>, net@FreeBSD.ORG
Subject: Re: m_reclaim and a protocol drain
References: <Pine.BSF.4.30.0112292352490.52452-100000@niwun.pair.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-net.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-net>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-net>
X-Loop: FreeBSD.org

Mike Silbersack wrote:
> 
> On Wed, 26 Dec 2001, Randall Stewart wrote:
> 
> > This comment facinates me. The reason we made SACK's in SCTP
> > revokeable is due to the potential DOS attack that someone
> > can supposedly lauch if you don't allow the stack to revoke.
> >
> > I can actually see the reason that Sally made the comments
> > and had us change it so that SACK's are revokeable. However
> > you argue to the contrary and I wonder which is correct.
> >
> > If you do not allow revoking it is the same as if a protocol
> > does not hold a drain() fucntion. A attacker could easily
> > stuff a lot of out-of-order segments at you and thus
> > fill up all your mbuf's or clusters (in my current testing
> > case). This would then yeild a DOS since you could no longer
> > receive any segments and leave you high and dry....
> 
> Heh, you nailed the reverse of the problem we've seen:  Right now the easy
> way to cause exhaustion is to fill up _send_ buffers, via netkill.  I
> guess if we solve that problem, out of order segments could be used for an
> attack too.
> 

Mike:

Interesting problem.. but I was thinking in terms of
a outside attacker.. not someone who has a login id on
your machine. That leads down another path... i.e. local
machine security.


R

> Just FWIW,
> 
> Mike "Silby" Silbersack
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-net" in the body of the message

-- 
Randall R. Stewart
randall@stewart.chicago.il.us 815-342-5222 (cell phone)

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message