From owner-freebsd-net Thu Jun 22 0:11:11 2000
From: Don Lewis
Message-Id: <200006220711.AAA07254@salsa.gv.tsc.tdk.com>
Date: Thu, 22 Jun 2000 00:11:01 -0700
In-Reply-To: <002001bfdc02$39ad3080$0c3214d4@dragonland.tts.tomsk.su>
References: <002001bfdc02$39ad3080$0c3214d4@dragonland.tts.tomsk.su>
To: "Maksimov Maksim" ,
Subject: Re: How defend from stream2.c attack?

On Jun 22, 12:27pm, "Maksimov Maksim" wrote:
} Subject: How defend from stream2.c attack?
} I inserted these strings in my kernel config file:
}
} options ICMP_BANDLIM
} options TCP_DROP_SYNFIN #drop TCP packets with SYN+FIN
} options TCP_RESTRICT_RST #restrict emission of TCP RST
}
} and inserted these strings in my rc.conf config file:
}
} tcp_keepalive="YES"        # Enable stale TCP connection timeout (or NO).
} tcp_drop_synfin="YES"      # Set to YES to drop TCP packets with SYN+FIN
}                            # NOTE: this violates the TCP specification
} tcp_restrict_rst="YES"     # Set to YES to restrict emission of RST
} icmp_drop_redirect="YES"   # Set to YES to ignore ICMP REDIRECT packets
} icmp_log_redirect="NO"     # Set to YES to log ICMP REDIRECT packets
} icmp_bmcastecho="NO"       # respond to broadcast ping packets
}
} and recompiled my kernel, and rebooted my computer,
} and set net.inet.icmp.icmplim down to 20,
} and added rules to my firewall (I use IPFilter 3.4.6):
} block in quick on ed0 from any to 255.255.255.255
} block in quick on ed0 from any to my.local.subnet.255
}
} BUT the stream2.c attack froze my FreeBSD 4.0-20000608-STABLE as before!!!

I'm grasping at straws here, but maybe you need to configure your kernel
with more mbufs.

Are you running stream2 on the machine that is freezing or on another
machine?

If you configure DDB into your kernel, can you break into the debugger
and get a stack trace after the machine freezes?