From owner-freebsd-security Thu Jan 20 21:40:28 2000 Delivered-To: freebsd-security@freebsd.org Received: from lariat.lariat.org (lariat.lariat.org [206.100.185.2]) by hub.freebsd.org (Postfix) with ESMTP id C03FD15421 for ; Thu, 20 Jan 2000 21:39:58 -0800 (PST) (envelope-from brett@lariat.org) Received: from workhorse (IDENT:ppp0.lariat.org@lariat.lariat.org [206.100.185.2]) by lariat.lariat.org (8.9.3/8.9.3) with ESMTP id VAA14350; Thu, 20 Jan 2000 21:27:16 -0700 (MST) Message-Id: <4.2.2.20000120212336.01882220@localhost> X-Sender: brett@localhost X-Mailer: QUALCOMM Windows Eudora Pro Version 4.2.2 Date: Thu, 20 Jan 2000 21:27:16 -0700 To: Darren Reed From: Brett Glass Subject: Re: stream.c worst-case kernel paths Cc: security@FreeBSD.ORG In-Reply-To: <200001210417.PAA24853@cairo.anu.edu.au> References: <4.2.2.20000120182425.01886ec0@localhost> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org At 09:17 PM 1/20/2000 , Darren Reed wrote: >Also, what about the simultaneous connection problem ? (both ends send >SYN's to the other, same ports). The odds of the source ports being the same are minuscule. Wouldn't this prevent a problem? Or am I misunderstanding the implications here? > Normally, we'll wind up at the label "dropwithreset", which means we'll > > send back a RST. This suggests that restricting RSTs will help with the > > DoS. (Does anyone know if not sending an RST violates any RFCs if there > > was never a connection?) > >Yes. RFC 793, figure 11, page 35, describes the prescribed behaviour. Isn't there a later RFC describing techniques for avoiding DoSes? (If not, it may be time to write one. "Best practice" is changing now that the 'Net is getting to be a hostile place.) --Brett To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message