From owner-freebsd-security  Sat Jul 15 14:59:36 2000
Delivered-To: freebsd-security@freebsd.org
Received: from obie.softweyr.com (obie.softweyr.com [204.68.178.33])
	by hub.freebsd.org (Postfix) with ESMTP id 5A6B537B516
	for <freebsd-security@FreeBSD.ORG>; Sat, 15 Jul 2000 14:59:33 -0700 (PDT)
	(envelope-from wes@softweyr.com)
Received: from softweyr.com (Foolstrustident!@homer.softweyr.com [204.68.178.39])
	by obie.softweyr.com (8.8.8/8.8.8) with ESMTP id PAA05864;
	Sat, 15 Jul 2000 15:57:59 -0600 (MDT)
	(envelope-from wes@softweyr.com)
Message-ID: <3970DF32.6D988E56@softweyr.com>
Date: Sat, 15 Jul 2000 16:01:22 -0600
From: Wes Peters <wes@softweyr.com>
Organization: Softweyr LLC
X-Mailer: Mozilla 4.7 [en] (X11; U; FreeBSD 4.0-STABLE i386)
X-Accept-Language: en
MIME-Version: 1.0
To: Mike Nowlin <mike@argos.org>
Cc: Dave McKay <dave@mu.org>,
	FreeBSD Security <freebsd_security@hotmail.com>,
	freebsd-security@FreeBSD.ORG
Subject: Re: FreeBSD User Security Advisory: FreeBSD-SA-00:BG
References: <Pine.LNX.4.21.0007150356230.24791-100000@jason.argos.org>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Mike Nowlin wrote:
> 
> > > Topic:          The Brett Glass user can DOS the FreeBSD mailing lists.
> 
> Come on, people -- use some common sense...
> 
> If you don't think that Brett's suggestions are useful (I haven't read
> them, so no opinions here as to their validity or his postings - I'm
> skipping these whole threads), just IGNORE them.
> 
> Talk about adding fuel to the fire...  In the two threads in question
> ("Two Kinds of Advisories" and "Displacement of Blame"), here's some
> stats as of right now:
> 
> TKoB:  47 messages, 7 by BG
> DoB:   57 messages, 10 by BG
> 
> Somehow, I don't think that he would have repeatedly responded to
> silence.  Quit complaining about him clogging the list - BG's not the only
> one at fault here...

Yes, it seems that the BrettGlass attack is an "amplifying reflector",
like the multicast TCP ACK in the Stream attack.  Since we can't quench
the source, it seems that rate-limiting the replies is the most effective
protection.

I've been trying...  ;^)

-- 
            "Where am I, and what am I doing in this handbasket?"

Wes Peters                                                         Softweyr LLC
wes@softweyr.com                                           http://softweyr.com/


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message