Date: Wed, 29 Jan 97 12:10:45 -0800 From: "That Doug Guy" <tiller@connectnet.com> To: "FreeBSD Questions" <FreeBSD-Questions@freebsd.org> Cc: "FreeBSD Security" <FreeBSD-Security@freebsd.org> Subject: 2.2+ and sequence number guessing Message-ID: <199701292011.MAA10942@smtp.connectnet.com>
next in thread | raw e-mail | index | archive | help
[Cross-posted to security and questions a couple days ago, but never got a response. Feel free to trim responses to the most appropriate group, I am subscribed to both.] Howdy, :) I have been doing some research on the security of various *nix's, and found some very interesting discussion in the mail archives regarding the security of freebsd vs. a sequence number guessing IP spoof attack. Without rehashing what seemed to be a rather heated discussion last spring, I am wondering if someone could fill me in on any changes, improvements, etc. that have been made in 2.2 regarding this problem. Also, if someone could highlight the changes regarding security against syn flooding promised in 2.2, it would help. Of course, if this information is already available on line, a pointer to it would be appreciated. And speaking of security, I am looking for information on the relative usefulness and efficiency of tcp wrappers vs. Darren Reed's IP filtering. I've read all I can find on both (including downloading the IP filter package), and I'm still a bit confused about how much overhead either will add to my system. It looks like I'll be going with Darren's stuff because I need to filter access to ircd, and as far as I can tell the wrappers won't hook it. Any information or pointers to more detailed documentation would be appreciated. Thank you, Doug
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199701292011.MAA10942>