Date: Tue, 18 Jan 2000 22:56:56 -0800 (PST)
From: Matthew Dillon
Message-Id: <200001190656.WAA33816@apollo.backplane.com>
To: Brett Glass
Cc: Wes Peters, patl@phoenix.volant.org, David Wolfskill, matt@ARPA.MAIL.NET, freebsd-security@FreeBSD.ORG
Subject: Re: TCP/IP
References: <388557FB.443E66B0@softweyr.com> <4.2.2.20000118234610.01dd9b60@localhost>

:True. But one can minimize the damage. The best way to do this seems to be
:via a pseudorandom sequence number on the SYN-ACK, which eliminates the need
:for the server to retain any state after the SYN.
:
:--Brett

    Assuming you have bandwidth left to play with.  Unfortunately the
    problem tends to be that such attacks saturate your internet link,
    making it unusable.

    Generally speaking SYN attacks are related to IRC weenies.  The best
    way to avoid them is usually to (a) not run an irc server and (b) not
    allow your users to run irc bots.

                                        -Matt
                                        Matthew Dillon
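The stateless SYN-ACK mentioned in the quoted text, sketched as an added example that is not part of the original message and is not FreeBSD's code: the server packs a coarse timestamp, an MSS index and a keyed hash of the connection tuple into its initial sequence number, then rebuilds the connection from the client's final ACK. The bit layout, `SECRET`, `MSS_TABLE`, `TICK`, `MAX_AGE` and the function names are assumptions chosen for illustration.

```python
import hashlib
import hmac
import ipaddress
import struct

SECRET = b"constructed-demo-secret"   # assumption: a random per-boot key in a real stack
MSS_TABLE = (536, 1220, 1440, 1460)   # assumption: MSS values the 3-bit index can name
TICK = 64                             # seconds per step of the coarse time counter
MAX_AGE = 2                           # accept the current tick and the two before it

def _mac24(src, sport, dst, dport, client_isn, tick, mss_idx):
    """24-bit keyed hash over everything the server would otherwise have stored."""
    msg = (ipaddress.ip_address(src).packed + ipaddress.ip_address(dst).packed
           + struct.pack("!HHIQB", sport, dport, client_isn, tick, mss_idx))
    return int.from_bytes(hmac.new(SECRET, msg, hashlib.sha256).digest()[:3], "big")

def make_cookie(src, sport, dst, dport, client_isn, client_mss, now):
    """Sequence number for the SYN-ACK; nothing is kept once it is sent."""
    tick = int(now) // TICK
    # Largest table entry not exceeding the client's MSS (index 0 is the floor).
    mss_idx = max((i for i, m in enumerate(MSS_TABLE) if m <= client_mss), default=0)
    mac = _mac24(src, sport, dst, dport, client_isn, tick, mss_idx)
    return ((tick & 0x1F) << 27) | (mss_idx << 24) | mac

def check_ack(src, sport, dst, dport, seq, ack, now):
    """Validate the handshake's final ACK. Returns the MSS, or None to drop it."""
    cookie = (ack - 1) & 0xFFFFFFFF      # the client acknowledges our ISN + 1
    client_isn = (seq - 1) & 0xFFFFFFFF  # the client's SYN consumed one sequence number
    mss_idx = (cookie >> 24) & 0x7
    if mss_idx >= len(MSS_TABLE):
        return None
    now_tick = int(now) // TICK
    for tick in range(now_tick, now_tick - MAX_AGE - 1, -1):
        if tick < 0 or (tick & 0x1F) != cookie >> 27:
            continue                     # timestamp bits do not match this tick
        expected = _mac24(src, sport, dst, dport, client_isn, tick, mss_idx)
        got = (cookie & 0xFFFFFF).to_bytes(3, "big")
        if hmac.compare_digest(expected.to_bytes(3, "big"), got):
            return MSS_TABLE[mss_idx]
    return None
```

This removes the per-SYN state on the server; it does nothing for the saturated link described in the reply.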