Date: Wed, 21 Apr 2004 22:24:27 +0900 (JST) From: Tadaaki Nagao <nagao@iij.ad.jp> To: nectar@freebsd.org Cc: des@des.no Subject: Re: TCP RST attack Message-ID: <20040421.222427.41675143.nagao@iij.ad.jp> In-Reply-To: <20040421111003.GB19640@lum.celabo.org> References: <6.0.3.0.0.20040420144001.0723ab80@209.112.4.2> <200404201332.40827.dr@kyx.net> <20040421111003.GB19640@lum.celabo.org>
next in thread | previous in thread | raw e-mail | index | archive | help
In "Re: TCP RST attack",
"Jacques A. Vidrine" <nectar@freebsd.org> wrote:
> On Tue, Apr 20, 2004 at 01:32:40PM -0700, Dragos Ruiu wrote:
> > Also keep in mind ports are predictable to varying degrees depending on
> > the vendor or OS, which further reduces the brute force space you have to
> > go though without sniffing.
>
> This is exactly why I ported OpenBSD's TCP ephemeral port allocation
> randomization to FreeBSD-CURRENT (although I asked Mike Silby to commit
> it for me and take the blame if it broke :-). It will also be MFC'd
> shortly in time for 4.10-RELEASE.
That sounds great! But a question arose in my mind... I think it'll
improve FreeBSD as a client OS, but as a server OS it doesn't seem to
help much (actually, any ;-).
Is there any action planned to implement some kind of countermeasure
for FreeBSD servers?
Thanks,
Tadaaki Nagao <nagao@iij.ad.jp>
System Design and Development Division, Internet Initiative Japan Inc.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040421.222427.41675143.nagao>