Date: Thu, 9 Oct 2008 15:38:32 +0200 (CEST)
From: Oliver Fromme <olli@lurza.secnetix.de>
To: freebsd-hackers@FreeBSD.ORG, freebsd-security@FreeBSD.ORG, sigtrm@gmail.com
Subject: Re: Sockstress
Message-ID: <200810091338.m99DcW3a006320@lurza.secnetix.de>
In-Reply-To: <aed2bfaf0810090508t390e345bp4dfd051376a89f9c@mail.gmail.com>

This is the wrong mailing list, you should send this to
the -security list.

By the way, this kind of attack isn't really new (as far
as I can tell from the little information that has been made
public so far). One way to mitigate it is to limit the
number of open connections per remote IP address; you
can easily do that with PF or IPFW ("limit" option).

Best regards
   Oliver

Lukasz Jaroszewski <sigtrm@gmail.com> wrote:
 > Hi,
 > I am wondering about the Sockstress information recently published. I can't
 > really figure out what new they could have found. Do we have anything to worry about?
 > ;-)
 >
 > http://searchsecurity.techtarget.com/news/article/0,289142,sid14_gci1332898,00.html
 >
 > ``(...)Sockstress computes and stores so-called client-side SYN cookies and
 > enables Lee and Louis to specify a destination port and IP address. The
 > method allows them to complete the TCP handshake without having to store any
 > values, which takes time and resources. "We can then say that we want to
 > establish X number of TCP connections on that address and that we want to
 > use this attack type, and it does it," Lee said.(...)''
 >
 > ``(...)Lee said that when and _if_ specific vendors develop workarounds for
 > the issues, they will release details of those issues.(...)''
 >
 > Was the FreeBSD team contacted? ;)
 >

-- 
Oliver Fromme, secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing b. M.
Commercial register: Registergericht Muenchen, HRA 74606, Management:
secnetix Verwaltungsgesellsch. mbH, Commercial register: Registergericht
München, HRB 125758, Managing directors: Maik Bachmann, Olaf Erb, Ralf Gebhart

FreeBSD services, products and more: http://www.secnetix.de/bsd

"Unix gives you just enough rope to hang yourself --
and then a couple of more feet, just to be sure."
        -- Eric Allman
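
The per-source connection limit suggested in the reply above, written out as a pf.conf fragment. This is an added example, not part of the original message; the interface name, port, table name and thresholds are assumptions to be tuned per service.

```conf
# pf.conf fragment (added example; em0, port 80, <abusers> and all
# numeric thresholds are assumed values, not taken from the message)
ext_if = "em0"            # assumed external interface
table <abusers> persist   # sources that exceeded the limits below

# Drop anything from sources already flagged.
block in quick on $ext_if from <abusers>

# Stateful pass rule with per-source limits:
#   max-src-conn      - concurrent TCP connections per source IP that have
#                       completed the 3-way handshake
#   max-src-conn-rate - new connections per source per interval (15 in 5 s)
#   overload / flush  - add the offender to <abusers> and remove the states
#                       it already holds
pass in on $ext_if proto tcp to ($ext_if) port 80 flags S/SA keep state \
    (max-src-conn 50, max-src-conn-rate 15/5, overload <abusers> flush global)

# IPFW equivalent of the concurrent-connection cap, using the "limit" option:
#   ipfw add allow tcp from any to me 80 setup limit src-addr 50
```

A per-source cap does not help when connections come from many addresses at once, and clients behind a shared NAT address count as one source, so the threshold has to leave room for them.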