Date: Wed, 22 May 1996 19:52:27 -0400 (EDT)
From: "Charles C. Figueiredo"
To: Terry Lambert
cc: "Brett L. Hawn", pst@Shockwave.COM, wollman@lcs.mit.edu, phk@critter.tfs.com, current@FreeBSD.ORG
Subject: Re: freebsd + synfloods + ip spoofing
In-Reply-To: <199605230326.UAA06229@phaeton.artisoft.com>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-current@FreeBSD.ORG

On Wed, 22 May 1996, Terry Lambert wrote:

> > > The problem doesn't lie in the sequence generator, the problem lies
> > > in the fact that any 4.{3,4}BSD derived OS gets hosed up by 8 SYN packets
> > > from an unreachable host, that's all, 8. That's why, as you notice,
> > > SunOS is affected too. What I've been trying to say is that nothing is
> > > wrong with the generator, as compared to other OSs, FreeBSD's is
> > > actually better! The problem is that FreeBSD, as other BSD OSs, only
> > > takes 8 SYN packets from an unreachable host to hose.
> >
> > Ok, so now we have two problems, 1: it only takes 8 syn's to hose fbsd 2: an
> > easy to guess sequence generator. My guess is that #1 would be easier to
> > avoid if #2 were fixed.
>
> Avoidance is a non-fix. Both really need to be fixed.
>
> Some general comments on this thread:
>
> The BSD problem is that the sequence number is randomized at the start
> of life and rather regularly guessable from there.

The just-as-important problem is that BSD hoses easily; if it weren't so easily hosed, any type of sequencing attack wouldn't work.

> I'm also not so thin-skinned as to believe that any criticism of
> FreeBSD is calling the baby ugly.

FreeBSD is definitely not ugly ;-)

> IRC aside, it's wrong to dismiss Brett's points on the basis of
> religion. As Sgt. Pinback said to the Bomb, an idea is valid or
> invalid independent of its source.
>
> Personally, I wouldn't be so casual dismissing the source; but
> even if you casually dismiss the source, the idea can not be so
> easily dismissed.

I'm not dismissing the source, I'm all for making it as secure as possible, but if you think about it, you can't really do anything w/ sequencing anymore. As long as you use tcp wrappers, which everyone should use, and you mind your r* services, all that can be done is a blind telnet to a horribly secured system. Even maintaining a telnet is hard. Most sequencing applications have been tricking port 513. It should still be fixed though.

> Brett wants to make it better; don't shoot him in the head for
> bearing bad tidings because they are bad tidings.

I want to, by all means, make it better. I began "shooting the head" after I found some of his posts somewhat offending and lame. I don't want to drag this on any further; if I offended Brett in any way, sorry, just end it, it's been silly for a while now.

_Marxx

> Regards,
> Terry Lambert
> terry@lambert.org
> ---
> Any opinions in this posting are my own and not those of my present
> or previous employers.

"I don't want to grow up, I'm a BSD kid. There's so many toys in /usr/bin that I can play with!"

------------------------------------------------------------------------------
Charles C. Figueiredo                Marxx                marxx@superlink.net
------------------------------------------------------------------------------
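As an added illustration of the listen-queue point argued in the thread (this is not code from the thread or from FreeBSD), the following Python model applies 4.4BSD's sonewconn() rule that a listener refuses a new half-open entry once the queue exceeds 3/2 of the listen backlog, so a backlog of 5 holds exactly 8 entries; the 75-second SYN_RCVD timer, the addresses and the flood heuristic are constructed assumptions for the model.

```python
from dataclasses import dataclass, field

SYN_RCVD_TIMEOUT = 75.0  # seconds a half-open entry lingers (BSD's establishment timer; assumed here)


@dataclass
class HalfOpen:
    src: str
    reachable: bool   # a spoofed, unreachable source never answers the SYN/ACK
    created: float


@dataclass
class Listener:
    qlimit: int = 5                      # listen(2) backlog; 5 was the usual daemon default
    queue: list = field(default_factory=list)
    dropped: int = 0

    def capacity(self) -> int:
        # sonewconn() refuses once qlen > 3*qlimit/2, so backlog 5 admits 8 half-open entries
        return 3 * self.qlimit // 2 + 1

    def _expire(self, now: float) -> None:
        self.queue = [h for h in self.queue if now - h.created < SYN_RCVD_TIMEOUT]

    def syn(self, src: str, now: float, reachable: bool = True) -> bool:
        """Return True if the SYN gets a half-open slot, False if it is silently dropped."""
        self._expire(now)
        if len(self.queue) >= self.capacity():
            self.dropped += 1
            return False
        self.queue.append(HalfOpen(src, reachable, now))
        return True

    def complete(self) -> int:
        """Reachable peers finish the handshake and leave the queue; spoofed entries stay."""
        done = sum(1 for h in self.queue if h.reachable)
        self.queue = [h for h in self.queue if not h.reachable]
        return done

    def looks_flooded(self) -> bool:
        # Detection heuristic (assumed): a full queue whose entries all share one source
        return len(self.queue) >= self.capacity() and len({h.src for h in self.queue}) == 1


def scenario() -> dict:
    """Eight spoofed SYNs fill the queue; a real client is refused until the entries time out."""
    lsn = Listener()
    spoofed = sum(lsn.syn("10.0.0.99", now=0.0, reachable=False) for _ in range(8))  # constructed
    refused = not lsn.syn("192.0.2.10", now=1.0)     # constructed legitimate client during the flood
    flagged = lsn.looks_flooded()
    lsn.complete()                                    # nothing completes, the queue stays full
    recovered = lsn.syn("192.0.2.10", now=80.0)       # timer expired, a slot is free again
    return {"spoofed_accepted": spoofed, "legit_refused": refused,
            "flagged": flagged, "recovered": recovered}
```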