From owner-freebsd-security Fri Dec 1 13:33:55 2000 Delivered-To: freebsd-security@freebsd.org Received: from secure.smtp.email.msn.com (cpimssmtpu07.email.msn.com [207.46.181.28]) by hub.freebsd.org (Postfix) with ESMTP id 68A1837B400 for ; Fri, 1 Dec 2000 13:33:52 -0800 (PST) Received: from x86nts4 - 216.103.48.12 by email.msn.com with Microsoft SMTPSVC; Fri, 1 Dec 2000 13:33:50 -0800 Message-ID: <00a101c05bdf$4e6e9b00$fd01a8c0@pacbell.net> From: "John Howie" To: "Ralph Huntington" , "David G. Andersen" Cc: "Brett Glass" , "Umesh Krishnaswamy" , References: <200012012100.OAA05277@faith.cs.utah.edu> Subject: Re: Defeating SYN flood attacks Date: Fri, 1 Dec 2000 13:40:21 -0800 X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4522.1800 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1800 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org "David G. Andersen" wrote: > Lo and behold, Ralph Huntington once said: > > > > This is very very clever. I don't see any holes in it (anyone else?). > > It needs more peer review. In particular: There are flaws in the implementation: I don not believe that on a heavily used site encryption would not slow the system down (somewhat), especially a heavily used system. By maintaining a cache, as suggested, you are still consuming resources so a DoS can still occur. Given that you know the plaintext (the Client IP Address), the cipher text (SISN - CISN) and the algorithm, you can work out the key used (eventually). If the key is only changed at system startup, the longer the system is running, the more likely it will be that the key is computed. We all talk about how long our boxes are up and running for (compared to NT/2000) and we usually talk in months, if not years. The key needs to be changed more often - perhaps hourly (which still might not be enough). You could improve security by combining the CISN with some (server-specific) value which would allow a unique key to be created for each incoming connection. You would need to store state (the key) and that consumes resources so we are back to where we were (DoS). Spoofers can still cause you a problem. If the spoofer is on the return route to the spoofed IP addressed host then they will still see the sequence. This proposed system, IMHO, is flawed. john... To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message