From owner-freebsd-security  Fri Jan 21 19: 8:43 2000
Delivered-To: freebsd-security@freebsd.org
Received: from mx2.x-treme.gr (mx2.x-treme.gr [212.120.192.15])
	by hub.freebsd.org (Postfix) with ESMTP id 07012156AC
	for <security@FreeBSD.ORG>; Fri, 21 Jan 2000 19:08:34 -0800 (PST)
	(envelope-from keramida@diogenis.ceid.upatras.gr)
Received: from hades.hell.gr (pat33.x-treme.gr [212.120.197.225])
	by mx2.x-treme.gr (8.9.3/8.9.3/IPNG-ADV-ANTISPAM-0.1) with ESMTP id FAA29965;
	Sat, 22 Jan 2000 05:08:26 +0200
Received: (from charon@localhost)
	by hades.hell.gr (8.9.3/8.9.3) id EAA27380;
	Sat, 22 Jan 2000 04:41:09 +0200 (EET)
	(envelope-from keramida@diogenis.ceid.upatras.gr)
Date: Sat, 22 Jan 2000 04:41:09 +0200
From: Giorgos Keramidas <charon@hades.hell.gr>
To: Brett Glass <brett@lariat.org>
Cc: security@FreeBSD.ORG
Subject: Re: stream.c worst-case kernel paths
Message-ID: <20000122044109.A27337@hades.hell.gr>
Reply-To: keramida@ceid.upatras.gr
References: <200001212315.PAA64608@apollo.backplane.com> <4.2.2.20000120182425.01886ec0@localhost> <20000120195257.G14030@fw.wintelcom.net> <4.2.2.20000120220649.018faa80@localhost> <4.2.2.20000120222630.01919150@localhost> <4.2.2.20000121163454.01a58e30@localhost> <4.2.2.20000121165135.01a543b0@localhost>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0pre3i
In-Reply-To: <4.2.2.20000121165135.01a543b0@localhost>
X-PGP-Fingerprint: 62 45 D1 C9 26 F9 95 06  D6 21 2A C8 8C 16 C0 8E
X-Phone-Number: +30-94-6203692, +30-93-2886457
X-Address: Theodorou Kirinaiou 61, 26334 Patra, Greece
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Fri, Jan 21, 2000 at 04:52:10PM -0700, Brett Glass wrote:
> At 04:37 PM 1/21/2000 , I wrote:
> 
> > Perhaps one should stop dropping RSTs when it's clear that the number
> > you're sending is greater than the number of connections you've had in a
> > good long while!
> 
> I meant "stop sending RSTs," of course.

We do need a smart way of selecting which RSTs not to send though.  If we
just stop sending RSTs after we exceed a number, and an attacker launches the
packet storm before we reach the closing state with some other long-distance
socket, the limit will be reached with the RSTs of the attacker and the
long-distance socket will just have to time out.

-- Giorgos


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message