From owner-freebsd-isp Thu Jan 30 15:40:24 1997
Return-Path:
Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id PAA10779 for isp-outgoing; Thu, 30 Jan 1997 15:40:24 -0800 (PST)
Received: from smtp.connectnet.com (smtp.connectnet.com [207.110.0.12]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id PAA10761; Thu, 30 Jan 1997 15:40:16 -0800 (PST)
Received: from wink.connectnet.com (wink.connectnet.com [206.251.156.23]) by smtp.connectnet.com (8.8.4/Connectnet-2.2) with SMTP id PAA18857; Thu, 30 Jan 1997 15:41:00 -0800 (PST)
Message-Id: <199701302341.PAA18857@smtp.connectnet.com>
From: "That Doug Guy"
To: "freebsd-hackers@freebsd.org"
Cc: "freebsd-isp@freebsd.org"
Date: Thu, 30 Jan 97 15:40:11 -0800
Reply-To: "That Doug Guy"
Priority: Normal
X-Mailer: That Doug Guy's Registered PMMail 1.53 For OS/2
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Subject: 2.2+ and sequence number guessing
Sender: owner-isp@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

[Cross-posted to security and questions twice over a period of 4 days, but never got a response. Please accept my apologies in advance if you feel that either of *these* lists is inappropriate for these questions, but I do need answers. Feel free to trim responses to the most appropriate group, I am subscribed to both.]

Howdy, :)

I have been doing some research on the security of various *nix's, and found some very interesting discussion in the mail archives regarding the security of freebsd vs. a sequence number guessing IP spoof attack. Without rehashing what seemed to be a rather heated discussion last spring, I am wondering if someone could fill me in on any changes, improvements, etc. that have been made in 2.2 regarding this problem.

Also, if someone could highlight the changes regarding security against syn flooding promised in 2.2, it would help. Of course, if this information is already available on line, a pointer to it would be appreciated.

And speaking of security, I am looking for information on the relative usefulness and efficiency of tcp wrappers vs. Darren Reed's IP filtering. I've read all I can find on both (including downloading the IP filter package), and I'm still a bit confused about how much overhead either will add to my system. It looks like I'll be going with Darren's stuff because I need to filter access to ircd, and as far as I can tell the wrappers won't hook it. Any information or pointers to more detailed documentation would be appreciated.

Thank you,

Doug