From owner-freebsd-security Fri Jan 21 4:29:36 2000
Date: Fri, 21 Jan 2000 15:26:08 +0300
From: Vladimir Dubrovin
Reply-To: Vladimir Dubrovin
Organization: Sandy Info
Message-ID: <12643.000121@sandy.ru>
To: Dima Ruban
Cc: freebsd-security@FreeBSD.ORG
Subject: Re[2]: bugtraq posts: stream.c - new FreeBSD exploit?
In-reply-To: <200001210043.QAA57553@sivka.rdy.com>
References: <200001210043.QAA57553@sivka.rdy.com>

Hello Dima Ruban,

21.01.2000 3:43, you wrote: bugtraq posts: stream.c - new FreeBSD exploit?;

>> I can think of ways to filter this by adding some stuff to IPFW.

D> I don't believe you can filter it.

Sure you can't detect invalid ACK packets with ipfw, but IMHO ipfw (when dummynet is used) can be used to eliminate any kind of flood attack with a large number of small packets. Rules like

    ipfw pipe 10 config delay 50 queue 5 packets
    ipfw add pipe 10 tcp from any to MYHOST in via EXTERNAL

should limit ipfw to allow only 5 tcp packets in 50 ms for MYHOST; more packets will be dropped. But I don't think it's the best solution.

+=-=-=-=-=-=-=-=-=+
|Vladimir Dubrovin|
| Sandy Info, ISP |
+=-=-=-=-=-=-=-=-=+
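The effect of the "5 tcp packets in 50 ms" limit proposed above, as an added example that is not from this message or from FreeBSD: a Python model of a sliding-window packet limiter fed a constructed trace (a uniform small-packet flood plus sparse legitimate packets). It is a simplified model of the limit the rule is meant to impose, not an implementation of dummynet's pipe, and the traffic rates, labels and function names are all assumptions.

```python
from collections import deque
from dataclasses import dataclass

# Constructed model of the limit the quoted rule is meant to impose:
# at most MAX_PKTS packets per WINDOW_US, the rest dropped. Integer
# microseconds keep the window arithmetic exact.
WINDOW_US = 50_000   # "delay 50" (ms) in the quoted rule
MAX_PKTS = 5         # "queue 5 packets" in the quoted rule

@dataclass(frozen=True)
class Packet:
    t_us: int   # arrival time in microseconds
    src: str    # constructed label: "flood" or "legit"

class WindowLimiter:
    """Admit a packet only if fewer than max_pkts were admitted
    in the preceding window_us; otherwise drop it."""
    def __init__(self, window_us=WINDOW_US, max_pkts=MAX_PKTS):
        self.window_us, self.max_pkts = window_us, max_pkts
        self.admitted = deque()   # arrival times of admitted packets

    def offer(self, pkt):
        # Expire admitted packets that have fallen out of the window.
        while self.admitted and pkt.t_us - self.admitted[0] >= self.window_us:
            self.admitted.popleft()
        if len(self.admitted) >= self.max_pkts:
            return False          # window full: drop
        self.admitted.append(pkt.t_us)
        return True

def build_trace(flood_pps, legit_pps, duration_ms):
    """Constructed arrival trace: a uniform small-packet flood interleaved
    with sparse legitimate packets, offset by half a legit interval."""
    pkts, dur = [], duration_ms * 1000
    if flood_pps:
        step = 1_000_000 // flood_pps
        pkts += [Packet(t, "flood") for t in range(0, dur, step)]
    if legit_pps:
        step = 1_000_000 // legit_pps
        pkts += [Packet(t, "legit") for t in range(step // 2, dur, step)]
    return sorted(pkts, key=lambda p: p.t_us)

def run(pkts, limiter=None):
    """Feed the trace through the limiter; count admitted/dropped per source."""
    limiter = limiter or WindowLimiter()
    stats = {}
    for p in pkts:
        s = stats.setdefault(p.src, {"admitted": 0, "dropped": 0})
        s["admitted" if limiter.offer(p) else "dropped"] += 1
    return stats
```

Running `run(build_trace(10_000, 20, 1000))` shows the flood capped at 5 packets per window, but every legitimate packet dropped alongside it, which is the cost the message hints at; with no flood (`build_trace(0, 20, 1000)`) nothing legitimate is dropped.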