Date:      Fri, 21 Jan 2000 23:11:25 -0600
From:      Tim Yardley <yardley@uiuc.edu>
To:        keramida@ceid.upatras.gr
Cc:        Vladimir Dubrovin <vlad@sandy.ru>, freebsd-security@FreeBSD.ORG
Subject:   Re: explanation and code for stream.c issues
Message-ID:  <4.2.0.58.20000121230937.0128e4a8@students.uiuc.edu>
In-Reply-To: <20000122050656.B27571@hades.hell.gr>
References:  <4.2.0.58.20000121131202.0135ef10@students.uiuc.edu> <4.2.0.58.20000121112253.012a8f10@students.uiuc.edu> <4.2.0.58.20000121112253.012a8f10@students.uiuc.edu> <8920.000121@sandy.ru> <4.2.0.58.20000121131202.0135ef10@students.uiuc.edu>

At 09:06 PM 1/21/2000, Giorgos Keramidas wrote:
>On Fri, Jan 21, 2000 at 01:15:27PM -0600, Tim Yardley wrote:
> >
> > As was mentioned in the "advisory/explanation" on the issue, ipfw cannot
> > deal with the problem due to the fact that it is stateless.
> >
> > The attack comes from random ip addresses, therefore throttling like that
> > only hurts your connection or solves nothing at all.  In other words, the
> > random sourcing and method of the attack, makes a non-stateless firewall
> > useless.
>
>Substitute 'stateless' for 'non-stateless' above.  A stateless firewall, like
>IPFW is the type of firewall that is useless.

Umm.. that is exactly what I said.  A state based firewall is called
stateful and a non-state based firewall is called stateless.  IPFW is
stateless, meaning that it cannot handle packets in a STATE based syntax
(i.e. it cannot decipher whether or not a connection has already been started
with those specs).

/tmy


-- Diving into infinity my consciousness expands in inverse
    proportion to my distance from singularity

+--------  -------  ------  -----  ---- --- -- ------ --------+
|  Tim Yardley (yardley@uiuc.edu)	
|  http://www.students.uiuc.edu/~yardley/
+--------  -------  ------  -----  ---- --- -- ------ --------+
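
An added illustration of the stateless/stateful distinction discussed in this message; it is not code from the thread, from stream.c or from ipfw. It assumes (the message does not say so) that the flood packets carry the ACK flag with no preceding SYN, and it models a stateless rule that passes anything with ACK or RST set; the Packet model, addresses and traffic are constructed.

```python
import random
from collections import namedtuple

# Constructed packet model: only the fields the two filters inspect.
Packet = namedtuple("Packet", "src sport dst dport flags")
SERVER = "192.0.2.10"  # constructed address (documentation range)

def in_scope(pkt):
    return pkt.dst == SERVER and pkt.dport == 80

def stateless_allows(pkt):
    """Judge each packet alone: a SYN may open a connection, and anything
    with ACK or RST set is taken on faith to belong to an existing one."""
    return in_scope(pkt) and (pkt.flags == {"SYN"} or bool(pkt.flags & {"ACK", "RST"}))

class StatefulFilter:
    """Simplified tracker: remembers which 4-tuples opened with a SYN.
    Real trackers also follow the handshake and expire idle entries."""
    def __init__(self):
        self.table = set()

    def allows(self, pkt):
        if not in_scope(pkt):
            return False
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        if pkt.flags == {"SYN"}:
            self.table.add(key)
            return True
        if key not in self.table:
            return False          # claims a connection that never started
        if pkt.flags & {"RST", "FIN"}:
            self.table.discard(key)
        return True

def sample_traffic(n_flood=1000, seed=1):
    """Constructed input: one real client session, then ACK-only packets
    from random source addresses (assumed shape of the flood)."""
    rng = random.Random(seed)
    client = [Packet("198.51.100.7", 40000, SERVER, 80, frozenset(f))
              for f in (["SYN"], ["ACK"], ["ACK", "PSH"], ["FIN", "ACK"])]
    flood = [Packet("10.%d.%d.%d" % tuple(rng.randrange(1, 255) for _ in range(3)),
                    rng.randrange(1024, 65536), SERVER, 80, frozenset(["ACK"]))
             for _ in range(n_flood)]
    return client + flood

def compare(packets):
    """Return (passed by stateless rule, passed by stateful filter)."""
    stateful = StatefulFilter()
    return (sum(stateless_allows(p) for p in packets),
            sum(stateful.allows(p) for p in packets))
```
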



