From owner-freebsd-security Wed Sep 19 10:56: 3 2001
Date: Wed, 19 Sep 2001 10:55:53 -0700
From: Erick Mechler
To: Brett Glass
Cc: security@FreeBSD.ORG
Subject: Re: Defense against "Code Rainbow"
Message-ID: <20010919105553.J3881@techometer.net>
References: <4.3.2.7.2.20010919112438.0598b8b0@localhost>
In-Reply-To: <4.3.2.7.2.20010919112438.0598b8b0@localhost>; from Brett Glass on Wed, Sep 19, 2001 at 11:48:18AM -0600

:: Unfortunately, there was a serious problem with this approach. The BSD
:: TCP/IP stack apparently does not expect its routing table to be very big,
:: and so scans it linearly. This means that, as the list of blackhole
:: routes grew, we started to see serious problems with network performance.
:: I tried creating ipfw rules instead, but discovered that ipfw scans
:: linearly too. What does ipf use? pf? Any ideas for speedups or security
:: enhancements?

What about using TCP wrappers? I'm not sure of the performance implications
of doing so, but maybe it's worth a shot.

--Erick
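Whatever the lookup structure, a linear scan costs one comparison per entry, so the cheapest speedup for a growing blackhole list is to keep it short. The script below is an added illustration (not code from this thread or from FreeBSD) that collapses per-host /32 blackholes into prefixes once a /24 has enough offenders, and counts how many comparisons a linear scan then needs; the host list is constructed sample data and the threshold/prefix length are assumed tuning knobs.

```python
import ipaddress
from collections import defaultdict

# Constructed sample of blackholed hosts (example data, IPv4 only).
BLACKHOLED_HOSTS = [
    "192.0.2.1", "192.0.2.2", "192.0.2.3", "192.0.2.4",   # four hosts in one /24
    "198.51.100.7",                                       # a lone host
    "203.0.113.10", "203.0.113.11",                       # two adjacent hosts
]

def raw_entries(hosts):
    """One /32 entry per host, in list order: the naive route/rule list."""
    return [ipaddress.ip_network(h) for h in hosts]

def linear_scan_hits(entries, target):
    """Comparisons a linear scan (as the routing table or ipfw rule list in the
    thread does) makes before matching `target`; len(entries) if it never matches."""
    target = ipaddress.ip_address(target)
    for i, net in enumerate(entries, start=1):
        if target in net:
            return i
    return len(entries)

def aggregate_blackholes(hosts, threshold=3, prefixlen=24):
    """Collapse /32 blackholes: any /prefixlen holding at least `threshold`
    blackholed hosts is replaced by the whole prefix (coarser: unlisted
    neighbours in that block are now blocked too), the rest stay as /32s.
    Adjacent entries are then merged with ipaddress.collapse_addresses."""
    by_prefix = defaultdict(list)
    for h in hosts:
        block = ipaddress.ip_network(f"{h}/{prefixlen}", strict=False)
        by_prefix[block].append(h)
    entries = []
    for block, members in by_prefix.items():
        if len(members) >= threshold:
            entries.append(block)
        else:
            entries.extend(ipaddress.ip_network(m) for m in members)
    return list(ipaddress.collapse_addresses(entries))  # sorted, merged

if __name__ == "__main__":
    raw, agg = raw_entries(BLACKHOLED_HOSTS), aggregate_blackholes(BLACKHOLED_HOSTS)
    print(f"{len(raw)} entries -> {len(agg)}:", [str(n) for n in agg])
```

The trade-off shows in the last comparison: an address that was never listed but sits in an aggregated /24 is now blocked after a single comparison.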