From owner-freebsd-security@FreeBSD.ORG  Wed Apr 21 15:01:51 2004
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 3BB3A16A4CE
	for <freebsd-security@freebsd.org>;
	Wed, 21 Apr 2004 15:01:51 -0700 (PDT)
Received: from a.mx.ict1.everquick.net (a.mx.ict1.everquick.net [67.67.61.21])
	by mx1.FreeBSD.org (Postfix) with ESMTP id B131343D1F
	for <freebsd-security@freebsd.org>;
	Wed, 21 Apr 2004 15:01:50 -0700 (PDT)
	(envelope-from eddy+public+spam@noc.everquick.net)
Received: from a.mx.ict1.everquick.net (localhost [127.0.0.1])
	i3LM1vAk022062;	Wed, 21 Apr 2004 22:01:57 GMT
X-EverQuick-No-Abuse: Report any e-mail abuse to <abuse@noc.everquick.net>
Received: from localhost (eddy@localhost)i3LM1vfk022057;
	Wed, 21 Apr 2004 22:01:57 GMT
X-Authentication-Warning: a.mx.ict1.everquick.net: eddy owned process doing
	-bs
Date: Wed, 21 Apr 2004 22:01:57 +0000 (GMT)
From: "E.B. Dreger" <eddy+public+spam@noc.everquick.net>
X-X-Sender: eddy@a.mx.ict1.everquick.net
To: Mike Tancsa <mike@sentex.net>
In-Reply-To: <6.0.3.0.0.20040421121715.04547510@209.112.4.2>
Message-ID: <Pine.LNX.4.44.0404212200270.21896-100000@a.mx.ict1.everquick.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
cc: freebsd-security@freebsd.org
Subject: Re: Other possible protection against RST/SYN attacks (was Re: TCP
 RST attack
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Security issues [members-only posting]
	<freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>,
	<mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>,
	<mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 21 Apr 2004 22:01:51 -0000

MT> Date: Wed, 21 Apr 2004 12:30:40 -0400
MT> From: Mike Tancsa


MT> If the attacker were on the same subnet this would not do
MT> anything, but you have larger problems if this is the case.

Indeed.  Anti-spoofing, per-switchport MAC restrictions, and
hardcoded ARP entries for routers all go a long way toward
improving security. :-)


Eddy
--
EverQuick Internet - http://www.everquick.net/
A division of Brotsman & Dreger, Inc. - http://www.brotsman.com/
Bandwidth, consulting, e-commerce, hosting, and network building
Phone: +1 785 865 5885 Lawrence and [inter]national
Phone: +1 316 794 8922 Wichita
_________________________________________________________________
          DO NOT send mail to the following addresses :
  blacklist@brics.com -or- alfra@intc.net -or- curbjmp@intc.net
Sending mail to spambait addresses is a great way to get blocked.