Date:      Fri, 21 Jan 2000 14:44:42 -0700
From:      Brett Glass <brett@lariat.org>
To:        Keith Stevenson <k.stevenson@louisville.edu>, freebsd-security@FreeBSD.ORG
Subject:   Re: Some observations on stream.c and streamnt.c
Message-ID:  <4.2.2.20000121144222.025dad80@localhost>
In-Reply-To: <20000121162757.A7080@osaka.louisville.edu>
References:  <Pine.BSF.4.10.10001211419010.3943-100000@tetron02.tetronsoftware.com> <4.2.2.20000120194543.019a8d50@localhost> <Pine.BSF.4.10.10001211419010.3943-100000@tetron02.tetronsoftware.com>

At 02:27 PM 1/21/2000, Keith Stevenson wrote:

>The ICMP_BANDLIM seemed to be the life saver.  I got tons of
>"icmp-response bandwidth limit" messages in my syslog, but the load didn't
>climb and I was still able to provide network services from the target host.

That's probably because one of the things the exploit does is to create
an ICMP storm. Looks like it's triggered by the outgoing RST, which in
turn is sent in response to the bogus ACK.

>The machine which was running TCP_RESTRICT_RST in addition to ICMP_BANDLIM
>behaved exactly like the one without TCP_RESTRICT_RST.

You'll see a difference if you run with TCP_RESTRICT_RST and don't have
ICMP_BANDLIM turned on.

--Brett


