Date: Fri, 1 Dec 2000 14:00:48 -0700 (MST) From: "David G. Andersen" <dga@pobox.com> To: rjh@mohawk.net (Ralph Huntington) Cc: brett@lariat.org (Brett Glass), umesh@juniper.net (Umesh Krishnaswamy), freebsd-security@FreeBSD.ORG Subject: Re: Defeating SYN flood attacks Message-ID: <200012012100.OAA05277@faith.cs.utah.edu> In-Reply-To: <Pine.BSF.4.21.0012011601470.92040-100000@mohegan.mohawk.net> from "Ralph Huntington" at Dec 01, 2000 04:02:11 PM
next in thread | previous in thread | raw e-mail | index | archive | help
Lo and behold, Ralph Huntington once said:
>
> This is very very clever. I don't see any holes in it (anyone else?).
It needs more peer review. In particular:
a) A good comparison to Linux's syncookies
b) An evaluation of the computational load of performing an
encryption on every SYN. Does this create a CPU DOS attack?
c) An evaluation of how it times out old SYN packets
(replay, packet duplication). What are the consequences?
d) Not to use a patented and licensed cipher.
I think that my reasons for suggesting all of the above are obvious, but
if you'd like clarification, I'll spout more.
-Dave
>
> On Fri, 1 Dec 2000, Brett Glass wrote:
>
> > Steve Gibson just published a great article on SYN flood avoidance,
> > complete with a mechanism that I think FreeBSD should adopt for it.
> > See
> >
> > http://grc.com/r&d/nomoredos.htm
> >
> > --Brett
> >
> > At 12:04 PM 12/1/2000, Umesh Krishnaswamy wrote:
> >
> > >Hi Folks,
> > >
> > >I wanted to double-check which version of FreeBSD (if any) can address a
> > >SYN flooding DoS attack. The latest FreeBSD sources (tcp_input.c and
> > >ip_input.c) do not seem to have any code to address such an attack. Maybe I am
> > >missing something.
> > >
> > >So if you folks can enlighten me on whether or how to handle the SYN attack from
> > >within the kernel, I would appreciate it. I am aware of ingress filtering; while
> > >that can help attacks from randomized IP addresses, it will fail in the case of
> > >an attack from a spoofed trusted IP address. Hence the desire to look into the
> > >kernel for a fix.
> > >
> > >Thanks.
> > >Umesh.
> > >
> > >
> > >
> > >
> > >To Unsubscribe: send mail to majordomo@FreeBSD.org
> > >with "unsubscribe freebsd-security" in the body of the message
> >
> >
> >
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-security" in the body of the message
> >
>
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
>
--
work: dga@lcs.mit.edu me: dga@pobox.com
MIT Laboratory for Computer Science http://www.angio.net/
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200012012100.OAA05277>