Date: Fri, 23 Feb 1996 21:37:20 -0700
From: Warner Losh <imp@village.org>
To: "az.com" <yankee@anna.az.com>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Alert: UDP Port Denial-of-Service Attack (fwd)
Message-ID: <199602240437.VAA14882@rover.village.org>
In-Reply-To: Your message of Fri, 23 Feb 1996 17:32:52 PST
: Regarding the udp denial-of-services attack issues and the discussions of
: disabling chargen, daytime, echo, etc.
:
: Do the similar entries in /etc/inetd.conf that use the same names but are
: listed as tcp services apply in any way to this as well?
:
: What adverse effects would there be to nuking them all, both the udp and
: tcp services?

You'd not have these services :-) Usually the daytime service can be moderately useful, since it doesn't suffer from the bombing problems (sure, you can get it to generate a packet, but it will be only one). The real problem is with the services that generate an infinite stream of data and/or can be piped into one another. Discard isn't likely to be a problem, since it throws everything away.

UDP is, at present, the only thing impacted. It only takes one rogue packet to set them jabbering at each other (which is one reason we don't allow any IP packets with "src" of one of our netblock through our firewall). I don't see how a TCP attack could succeed given the three-way handshake that is required by TCP to establish a connection. Somebody prove me wrong :-).

Warner
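
An added example, not part of Warner's message: a short Python audit that reads inetd.conf-style entries and sorts the active ones by the behaviour the message describes (services that answer every datagram, daytime's single reply, discard's silence, TCP's handshake). The verdict labels and the sample entries are constructed for illustration.

```python
# Added example: sort inetd.conf entries by how they react to a single
# spoofed UDP datagram, following the reasoning in the message above.
# Verdict labels and SAMPLE are constructed for illustration.

LOOPABLE = {"echo", "chargen"}   # answer every datagram; can feed each other
SINGLE_REPLY = {"daytime"}       # one datagram out per datagram in
SILENT = {"discard"}             # throws everything away

SAMPLE = """\
echo    stream tcp nowait root internal
echo    dgram  udp wait   root internal
discard dgram  udp wait   root internal
chargen dgram  udp wait   root internal
#chargen stream tcp nowait root internal
daytime dgram  udp wait   root internal
"""

def classify(line):
    """Return (service, proto, verdict) for one entry, or None if not active."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None                      # blank line or disabled entry
    fields = line.split()
    if len(fields) < 6:
        return None                      # not a complete service entry
    service, proto = fields[0], fields[2].lower()
    if "udp" not in proto:
        verdict = "needs-handshake"      # TCP: connection setup required first
    elif service in LOOPABLE:
        verdict = "loop-risk"
    elif service in SINGLE_REPLY:
        verdict = "single-reply"
    elif service in SILENT:
        verdict = "no-reply"
    else:
        verdict = "review"               # UDP service this example does not model
    return service, proto, verdict

def audit(text):
    """Classify every active entry in an inetd.conf-style string."""
    return [r for r in map(classify, text.splitlines()) if r]

def loop_risks(text):
    """Names of the UDP services to disable first."""
    return [svc for svc, _, verdict in audit(text) if verdict == "loop-risk"]

if __name__ == "__main__":
    for svc, proto, verdict in audit(SAMPLE):
        print(f"{svc:8} {proto:4} {verdict}")
```

Pass the contents of a real /etc/inetd.conf to `audit()` in place of `SAMPLE`; entries marked `loop-risk` are the ones to comment out before sending inetd a SIGHUP.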