From owner-freebsd-current Wed May 22 20:33:19 1996
Return-Path: owner-current
Received: (from root@localhost) by freefall.freebsd.org (8.7.3/8.7.3) id UAA05637 for current-outgoing; Wed, 22 May 1996 20:33:19 -0700 (PDT)
Received: from phaeton.artisoft.com (phaeton.Artisoft.COM [198.17.250.211]) by freefall.freebsd.org (8.7.3/8.7.3) with SMTP id UAA05605 for ; Wed, 22 May 1996 20:33:09 -0700 (PDT)
Received: (from terry@localhost) by phaeton.artisoft.com (8.6.11/8.6.9) id UAA06229; Wed, 22 May 1996 20:26:29 -0700
From: Terry Lambert
Message-Id: <199605230326.UAA06229@phaeton.artisoft.com>
Subject: Re: freebsd + synfloods + ip spoofing
To: blh@nol.net (Brett L. Hawn)
Date: Wed, 22 May 1996 20:26:29 -0700 (MST)
Cc: marxx@apocalypse.superlink.net, pst@Shockwave.COM, wollman@lcs.mit.edu, phk@critter.tfs.com, current@FreeBSD.ORG
In-Reply-To: from "Brett L. Hawn" at May 22, 96 04:38:31 pm
X-Mailer: ELM [version 2.4 PL24]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-current@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

> > The problem doesn't lie in the sequence generator, the problem lies
> > in the fact that any 4.{3.4}BSD derived OS gets hosed up by 8 SYN packets
> > from an unreachable host, that's all, 8. That's why, as you notice,
> > SunOS is affected too. What I've been trying to say is that nothing is
> > wrong with the generator, as compared to other OSs, FreeBSD's is
> > actually better! The problem is that FreeBSD, as other BSD OSs, only
> > takes 8 SYN packets from an unreachable host to hose.
>
> Ok, so now we have two problems, 1: it only takes 8 syn's to hose fbsd 2: an
> easy to guess sequence generator. My guess is that #1 would be easier to
> avoid if #2 were fixed.

Avoidance is a non-fix. Both really need to be fixed.

Some general comments on this thread:

The BSD problem is that the sequence number is randomized at the start of life and rather regularly guessable from there.
I'm also not so thin-skinned as to believe that any criticism of FreeBSD is calling the baby ugly. IRC aside, it's wrong to dismiss Brett's points on the basis of religion. As Sgt. Pinback said to the Bomb, an idea is valid or invalid independent of its source. Personally, I wouldn't be so casual dismissing the source; but even if you casually dismiss the source, the idea cannot be so easily dismissed. Brett wants to make it better; don't shoot him in the head for bearing bad tidings because they are bad tidings.

Regards,
Terry Lambert
terry@lambert.org
---
Any opinions in this posting are my own and not those of my present or previous employers.
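The weakness Terry describes (an ISN randomized once at boot and then stepped by a fixed amount) can be made concrete with a small model. This is an added example, not code from the thread or from FreeBSD: a BSD-style generator beside an RFC 1948-style keyed-hash generator, plus a check that asks whether a few observed ISNs let an observer guess the next one. The increment constant, the host addresses and the class names are assumptions made for the model.

```python
import hashlib
import hmac
import secrets

# Assumed increment per new connection for the model; the real 4.4BSD
# constant and its per-tick component are not reproduced here.
ISS_INCR = 128 * 1024


class BsdStyleIsn:
    """Model of the generator the post criticises: random seed at boot,
    then a constant step for every connection afterwards."""

    def __init__(self):
        self.iss = secrets.randbits(32)  # randomised once, "at the start of life"

    def next_isn(self, src, sport, dst, dport):
        self.iss = (self.iss + ISS_INCR // 2) & 0xFFFFFFFF
        return self.iss


class HashedIsn:
    """RFC 1948-style generator: ISN = clock + F(secret, 4-tuple). The
    keyed offset differs per connection, so observing one connection's
    ISN reveals nothing about the step to another connection's ISN."""

    def __init__(self):
        self.secret = secrets.token_bytes(16)  # per-boot secret, never disclosed
        self.clock = 0

    def next_isn(self, src, sport, dst, dport):
        self.clock = (self.clock + ISS_INCR // 2) & 0xFFFFFFFF
        tuple_bytes = f"{src}:{sport}>{dst}:{dport}".encode()
        digest = hmac.new(self.secret, tuple_bytes, hashlib.sha256).digest()
        return (self.clock + int.from_bytes(digest[:4], "big")) & 0xFFFFFFFF


def predictable(gen, samples=3):
    """Generator assessment: open a few connections (constructed 10.0.0.x
    endpoints), derive the step between consecutive ISNs, and report
    whether that step predicts the ISN of a fresh connection exactly."""
    seen = [gen.next_isn("10.0.0.1", 40000 + i, "10.0.0.2", 80) for i in range(samples)]
    deltas = {(b - a) & 0xFFFFFFFF for a, b in zip(seen, seen[1:])}
    if len(deltas) != 1:  # step is not constant: no simple linear prediction
        return False
    guess = (seen[-1] + deltas.pop()) & 0xFFFFFFFF
    return guess == gen.next_isn("10.0.0.3", 40000 + samples, "10.0.0.2", 80)
```

For the BSD-style model the check returns True after only three observed connections; for the keyed-hash model it returns False, which is the property the post says the generator lacks.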