Date: Thu, 30 Jan 97 15:40:11 -0800 From: "That Doug Guy" <tiller@connectnet.com> To: "freebsd-hackers@freebsd.org" <freebsd-hackers@freebsd.org> Cc: "freebsd-isp@freebsd.org" <freebsd-isp@freebsd.org> Subject: 2.2+ and sequence number guessing Message-ID: <199701302341.PAA18857@smtp.connectnet.com>
next in thread | raw e-mail | index | archive | help
[Cross-posted to security and questions twice over a period of 4 days, but never got a response. Please accept my apologies in advance if you feel that either of *these* lists is inappropriate for these questions, but I do need answers. Feel free to trim responses to the most appropriate group, I am subscribed to both.] Howdy, :) I have been doing some research on the security of various *nix's, and found some very interesting discussion in the mail archives regarding the security of freebsd vs. a sequence number guessing IP spoof attack. Without rehashing what seemed to be a rather heated discussion last spring, I am wondering if someone could fill me in on any changes, improvements, etc. that have been made in 2.2 regarding this problem. Also, if someone could highlight the changes regarding security against syn flooding promised in 2.2, it would help. Of course, if this information is already available on line, a pointer to it would be appreciated. And speaking of security, I am looking for information on the relative usefulness and efficiency of tcp wrappers vs. Darren Reed's IP filtering. I've read all I can find on both (including downloading the IP filter package), and I'm still a bit confused about how much overhead either will add to my system. It looks like I'll be going with Darren's stuff because I need to filter access to ircd, and as far as I can tell the wrappers won't hook it. Any information or pointers to more detailed documentation would be appreciated. Thank you, Doug
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199701302341.PAA18857>