From: Brad Guillory
To: freebsd-security@FreeBSD.ORG
Date: Thu, 22 Jun 2000 17:08:31 -0500
Subject: Re: How defend from stream2.c attack?
Message-ID: <20000622170831.B9875@baileylink.net>
In-Reply-To: <200006220015.RAA05962@salsa.gv.tsc.tdk.com>; from Don.Lewis@tsc.tdk.com on Wed, Jun 21, 2000 at 05:15:46PM -0700

On Wed, Jun 21, 2000 at 05:15:46PM -0700, Don Lewis wrote:

[ Quote from Brett SNIPPED ]

> Turning on the RST restriction makes it much easier to spoof TCP connections
> that appear to come from your machine or to hijack established TCP
> connections...

Keep in mind that rate limiting RSTs will only give you a marginally
better defence for this type of attack over no RSTs at all.  All it would
take to gag you is an ACK flood.

BMG
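Added example, not part of the original message and not FreeBSD's own limiter: a small model of the point made in the reply above, assuming a fixed per-second RST budget shared by every segment that would draw a RST. The function names, the 200/s limit and the 10,000 ACK/s load are constructed for illustration.

```python
# Added example: constructed model, not FreeBSD's RST limiter.
US = 1_000_000  # microseconds per second; integer time avoids float drift

def rst_decisions(probe_times_us, flood_rate, rst_limit, duration_s):
    """For each probe, report whether the host still had RST budget for it.

    probe_times_us: arrival times of segments that deserve a RST, e.g. a
                    SYN-ACK for a connection this host never opened.
    flood_rate:     stray ACKs per second, evenly spaced; each one also
                    draws a RST from the same budget.
    rst_limit:      RSTs allowed per one-second window (assumed fixed
                    window); None = unlimited, 0 = RSTs fully restricted.
    """
    events = [(t, True) for t in probe_times_us]
    events += [(i * US // flood_rate, False)
               for i in range(duration_s * flood_rate)]
    events.sort()  # on a tie the flood ACK (False) is served first
    window, used, answered = -1, 0, {}
    for t, is_probe in events:
        if t // US != window:          # new one-second window: refill
            window, used = t // US, 0
        allowed = rst_limit is None or used < rst_limit
        if allowed:
            used += 1
        if is_probe:
            answered[t] = allowed
    return [answered[t] for t in probe_times_us]

def answered_fraction(flood_rate, rst_limit, probes_per_s=100, duration_s=10):
    """Fraction of evenly spread probes that actually get their RST."""
    probes = [s * US + (2 * k + 1) * US // (2 * probes_per_s)
              for s in range(duration_s) for k in range(probes_per_s)]
    results = rst_decisions(probes, flood_rate, rst_limit, duration_s)
    return sum(results) / len(results)

if __name__ == "__main__":
    for label, flood, limit in [
        ("no flood, limit 200/s    ", 0, 200),
        ("10k ACK/s, limit 200/s   ", 10_000, 200),
        ("10k ACK/s, no RSTs at all", 10_000, 0),
    ]:
        print(label, answered_fraction(flood, limit))
```

Under this model the share of deserving segments that still get a RST falls to roughly limit divided by flood rate, which is why the limited case sits so close to the fully restricted one.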