Date: Thu, 22 Jun 2000 00:11:01 -0700
From: Don Lewis <Don.Lewis@tsc.tdk.com>
To: "Maksimov Maksim" <maksim@tts.tomsk.su>, <freebsd-net@FreeBSD.ORG>
Subject: Re: How defend from stream2.c attack?
Message-ID: <200006220711.AAA07254@salsa.gv.tsc.tdk.com>
In-Reply-To: <002001bfdc02$39ad3080$0c3214d4@dragonland.tts.tomsk.su>
References: <002001bfdc02$39ad3080$0c3214d4@dragonland.tts.tomsk.su>

On Jun 22, 12:27pm, "Maksimov Maksim" wrote:
} Subject: How defend from stream2.c attack?
} I have inserted these lines into my kernel config file:
}
} options ICMP_BANDLIM
} options TCP_DROP_SYNFIN     #drop TCP packets with SYN+FIN
} options TCP_RESTRICT_RST    #restrict emission of TCP RST
}
} and inserted these lines into my rc.conf config file:
}
} tcp_keepalive="YES"         # Enable stale TCP connection timeout (or NO).
} tcp_drop_synfin="YES"       # Set to YES to drop TCP packets with SYN+FIN
}                             # NOTE: this violates the TCP specification
} tcp_restrict_rst="YES"      # Set to YES to restrict emission of RST
} icmp_drop_redirect="YES"    # Set to YES to ignore ICMP REDIRECT packets
} icmp_log_redirect="NO"      # Set to YES to log ICMP REDIRECT packets
} icmp_bmcastecho="NO"        # respond to broadcast ping packets
}
} and recompiled my kernel, and rebooted my computer,
} and set net.inet.icmp.icmplim down to 20,
} and added rules to my firewall (I use IPFilter 3.4.6):
} block in quick on ed0 from any to 255.255.255.255
} block in quick on ed0 from any to my.local.subnet.255
}
} BUT the stream2.c attack froze my FreeBSD 4.0-20000608-STABLE as before!!!

I'm grasping at straws here, but maybe you need to configure your kernel
with more mbufs. Are you running stream2 on the machine that is freezing
or on another machine? If you configure DDB into your kernel, can you
break into the debugger and get a stack trace after the machine freezes?