Date: Tue, 25 Jul 2000 23:33:47 -0600 From: Wes Peters <wes@softweyr.com> To: Tim Yardley <yardley@uiuc.edu> Cc: Don Lewis <Don.Lewis@tsc.tdk.com>, Maksimov Maksim <maksim@tts.tomsk.su>, freebsd-security@FreeBSD.ORG Subject: Re: How defend from stream2.c attack? Message-ID: <397E783B.ADB8162A@softweyr.com> References: <000401bfdb64$3eae8320$0c3214d4@dragonland.tts.tomsk.su> <000401bfdb64$3eae8320$0c3214d4@dragonland.tts.tomsk.su> <4.3.2.7.2.20000725181153.0218d700@students.uiuc.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
Tim Yardley wrote:
>
> >I would recommend adding packet filter rules that block incoming packets
> >with IP broadcast addresses, both 255.255.255.255, and the broadcast
> >address(es) of your local network(s).
>
> And block multicast if you arent using it in your lan. Keep in mind that
> some switchs that are not multicast aware will treat the packets as
> broadcasts and create a storm. Very bad.
With FreeBSD prior to 3.4/4.0 it didn't matter if you were attempting to
use multicast or not, a stream attack using random multicast source
addresses would turn your FreeBSD box into an attack reflector on every
attached interface. Urk!
That no longer happens; the code now realizes that a TCP packet from a
multicast address is malformed and dumps it on the floor.
--
"Where am I, and what am I doing in this handbasket?"
Wes Peters Softweyr LLC
wes@softweyr.com http://softweyr.com/
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?397E783B.ADB8162A>