From owner-freebsd-security Fri Jan 21 11:22:23 2000 Delivered-To: freebsd-security@freebsd.org Received: from sivka.rdy.com (sivka.rdy.com [207.33.166.86]) by hub.freebsd.org (Postfix) with ESMTP id 7385115517 for ; Fri, 21 Jan 2000 11:22:20 -0800 (PST) (envelope-from dima@rdy.com) Received: (from dima@localhost) by sivka.rdy.com (8.9.3/8.9.3) id LAA04129; Fri, 21 Jan 2000 11:21:15 -0800 (PST) (envelope-from dima) Message-Id: <200001211921.LAA04129@sivka.rdy.com> Subject: Re: Re[2]: bugtraq posts: stream.c - new FreeBSD exploit? In-Reply-To: <12643.000121@sandy.ru> from Vladimir Dubrovin at "Jan 21, 2000 03:26:08 pm" To: Vladimir Dubrovin Date: Fri, 21 Jan 2000 11:21:15 -0800 (PST) Cc: Dima Ruban , freebsd-security@FreeBSD.ORG Organization: HackerDome Reply-To: dima@rdy.com From: dima@rdy.com (Dima Ruban) X-Mailer: ELM [version 2.4ME+ PL61 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Vladimir Dubrovin writes: > Sure you cann't detect invalid ACK packets with ipfw, but IMHO ipfw > (then dummynet is used) can be used to eliminate any kind of flood > attack with amount of small packets. Rules like > > ipfw pipe 10 config delay 50 queue 5 packets > ipfw add pipe 10 tcp from any to MYHOST in via EXTERNAL > > should limit ipfw to allow only 5 tcp packets in 50 ms for MYHOST, > more packets will be dropped. But I don't think it's best solution. They use random source address. > > > +=-=-=-=-=-=-=-=-=+ > |Vladimir Dubrovin| > | Sandy Info, ISP | > +=-=-=-=-=-=-=-=-=+ > > -- dima To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message