Date:      Tue, 25 Jul 2000 22:39:09 -0700
From:      Tim Yardley <yardley@uiuc.edu>
To:        Wes Peters <wes@softweyr.com>
Cc:        Don Lewis <Don.Lewis@tsc.tdk.com>, Maksimov Maksim <maksim@tts.tomsk.su>, freebsd-security@FreeBSD.ORG
Subject:   Re: How defend from stream2.c attack?
Message-ID:  <4.3.2.7.2.20000725223522.00b5dcc0@students.uiuc.edu>
In-Reply-To: <397E783B.ADB8162A@softweyr.com>
References:  <000401bfdb64$3eae8320$0c3214d4@dragonland.tts.tomsk.su> <000401bfdb64$3eae8320$0c3214d4@dragonland.tts.tomsk.su> <4.3.2.7.2.20000725181153.0218d700@students.uiuc.edu>


>With FreeBSD prior to 3.4/4.0 it didn't matter if you were attempting to
>use multicast or not, a stream attack using random multicast source
>addresses would turn your FreeBSD box into an attack reflector on every
>attached interface.  Urk!

Correct.  The blocking of multicast statement was meant for people that DO 
NOT use multicast.  If you use multicast, then you cannot block it at the 
router.  In other words, block * with multicast addresses.  You could always 
just block tcp with multicast addresses, and that will not affect any real 
multicast traffic.

>That no longer happens; the code now realizes that a TCP packet from a
>multicast address is malformed and dumps it on the floor.

Any sane stack would drop the multicast packets on the floor immediately if 
they are TCP packets.  That is basically what the patch did.  Since the 
notion of TCP multicast is not even possible, that is the correct thing to do.

/tmy


-- Diving into infinity my consciousness expands in inverse
    proportion to my distance from singularity

+--------  -------  ------  -----  ---- --- -- --- ------ ------- -------- ---------------+
|  Tim Yardley (yardley@uiuc.edu)
|  http://www.students.uiuc.edu/~yardley/
+--------  -------  ------  -----  ---- --- -- --- ------ ------- -------- ---------------+
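
An added example, not part of the message above or of the FreeBSD patch: a minimal IPv4 classifier in C that applies the rule discussed in the thread, dropping TCP packets that carry a multicast address while leaving non-TCP multicast traffic alone. Checking the destination as well as the source, the function names, and the sample addresses are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum verdict { PASS, DROP_MALFORMED, DROP_TCP_MCAST };

/* 224.0.0.0/4: the top four bits of the first octet are 1110. */
static int is_multicast(const uint8_t *a) { return (a[0] & 0xf0) == 0xe0; }

/* Classify a raw IPv4 packet that starts at the IP header (IPv4 only). */
enum verdict classify_ipv4(const uint8_t *pkt, size_t len)
{
    if (len < 20 || (pkt[0] >> 4) != 4)
        return DROP_MALFORMED;              /* too short or not IPv4 */
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;
    if (ihl < 20 || ihl > len)
        return DROP_MALFORMED;              /* bad header length */
    if (pkt[9] != 6)                        /* 6 = TCP */
        return PASS;                        /* UDP/IGMP multicast untouched */
    if (is_multicast(pkt + 12) || is_multicast(pkt + 16))
        return DROP_TCP_MCAST;              /* TCP is unicast only */
    return PASS;
}

/* Build a constructed 20-byte IPv4 header (length and checksum left zero). */
void make_hdr(uint8_t h[20], uint8_t proto,
              const uint8_t src[4], const uint8_t dst[4])
{
    memset(h, 0, 20);
    h[0] = 0x45;                            /* version 4, IHL 5 */
    h[8] = 64;                              /* TTL */
    h[9] = proto;
    memcpy(h + 12, src, 4);
    memcpy(h + 16, dst, 4);
}

int main(void)
{
    /* Constructed sample addresses (documentation and multicast ranges). */
    const uint8_t host[4] = {192, 0, 2, 10}, peer[4] = {198, 51, 100, 7};
    const uint8_t mcast[4] = {239, 1, 2, 3};
    uint8_t h[20];

    make_hdr(h, 6, mcast, host);  printf("tcp from mcast: %d\n", classify_ipv4(h, 20));
    make_hdr(h, 17, peer, mcast); printf("udp to mcast:   %d\n", classify_ipv4(h, 20));
    make_hdr(h, 6, peer, host);   printf("tcp unicast:    %d\n", classify_ipv4(h, 20));
    return 0;
}
```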


