From owner-freebsd-questions Wed Jan 29 12:10:58 1997
Return-Path:
Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id MAA18484 for questions-outgoing; Wed, 29 Jan 1997 12:10:58 -0800 (PST)
Received: from smtp.connectnet.com (smtp.connectnet.com [207.110.0.12]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id MAA18463; Wed, 29 Jan 1997 12:10:50 -0800 (PST)
Received: from wink.connectnet.com (Studded@wink.connectnet.com [206.251.156.23]) by smtp.connectnet.com (8.8.4/Connectnet-2.2) with SMTP id MAA10942; Wed, 29 Jan 1997 12:11:35 -0800 (PST)
Message-Id: <199701292011.MAA10942@smtp.connectnet.com>
From: "That Doug Guy"
To: "FreeBSD Questions"
Cc: "FreeBSD Security"
Date: Wed, 29 Jan 97 12:10:45 -0800
Reply-To: "That Doug Guy"
Priority: Normal
X-Mailer: That Doug Guy's Registered PMMail 1.53 For OS/2
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Subject: 2.2+ and sequence number guessing
Sender: owner-questions@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

[Cross-posted to security and questions a couple days ago, but never got a response. Feel free to trim responses to the most appropriate group, I am subscribed to both.]

Howdy, :)

I have been doing some research on the security of various *nix's, and found some very interesting discussion in the mail archives regarding the security of freebsd vs. a sequence number guessing IP spoof attack. Without rehashing what seemed to be a rather heated discussion last spring, I am wondering if someone could fill me in on any changes, improvements, etc. that have been made in 2.2 regarding this problem.

Also, if someone could highlight the changes regarding security against syn flooding promised in 2.2, it would help. Of course, if this information is already available on line, a pointer to it would be appreciated.

And speaking of security, I am looking for information on the relative usefulness and efficiency of tcp wrappers vs. Darren Reed's IP filtering. I've read all I can find on both (including downloading the IP filter package), and I'm still a bit confused about how much overhead either will add to my system. It looks like I'll be going with Darren's stuff because I need to filter access to ircd, and as far as I can tell the wrappers won't hook it. Any information or pointers to more detailed documentation would be appreciated.

Thank you,

Doug