From owner-freebsd-current Wed May 22 14:39:06 1996
Return-Path: owner-current
Received: (from root@localhost) by freefall.freebsd.org (8.7.3/8.7.3) id OAA00341 for current-outgoing; Wed, 22 May 1996 14:39:06 -0700 (PDT)
Received: from nol.net (root@dazed.nol.net [206.126.32.101]) by freefall.freebsd.org (8.7.3/8.7.3) with ESMTP id OAA00333 for ; Wed, 22 May 1996 14:39:02 -0700 (PDT)
Received: from dazed.nol.net (blh@dazed.nol.net [206.126.32.101]) by nol.net (8.7.5/8.7.3) with SMTP id QAA17042; Wed, 22 May 1996 16:38:32 -0500 (CDT)
X-AUTH: NOLNET SENDMAIL AUTH
Date: Wed, 22 May 1996 16:38:31 -0500 (CDT)
From: "Brett L. Hawn"
To: "Charles C. Figueiredo"
cc: Paul Traina, Garrett Wollman, Poul-Henning Kamp, current@FreeBSD.ORG
Subject: Re: freebsd + synfloods + ip spoofing
In-Reply-To:
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-current@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

> The problem doesn't lie in the sequence generator, the problem lies
> in the fact that any 4.{3.4}BSD derived OS gets hosed up by 8 SYN packets
> from an unreachable host, that's all, 8. That's why, as you notice,
> SunOS is affected too. What I've been trying to say is that nothing is
> wrong with the generator, as compared to other OSs, FreeBSD's is
> actually better! The problem is that FreeBSD, as other BSD OSs, only
> takes 8 SYN packets from an unreachable host to hose.

Ok, so now we have two problems, 1: it only takes 8 SYNs to hose fbsd
2: an easy to guess sequence generator. My guess is that #1 would be easier
to avoid if #2 were fixed.

Brett