Date:      Mon, 22 Oct 2001 14:15:49 -0500 (CDT)
From:      Mike Silbersack <silby@silby.com>
To:        Fernando Gont <fernando@gont.com.ar>
Cc:        <freebsd-net@freebsd.org>
Subject:   Re: SYN flood and IP spoofing
Message-ID:  <20011022141035.H70111-100000@achilles.silby.com>
In-Reply-To: <4.3.2.7.2.20011021061340.00d8bc80@mail.sitanium.com>

On Sun, 21 Oct 2001, Fernando Gont wrote:

> >That's an old explanation; basically any OS released in the last few years
> >will throw old/random connections out of the queue when it fills up.
>
> Anyway, I wonder how the old implementations behaved, and why they behaved
> like that.

I don't think it's worth worrying about how old implementations behaved at
this point in time.  They weren't designed for the hostile environment of
today's internet, and have long since been replaced by newer stacks with
better countermeasures.  If you encounter an old system, it's probably
better to start upgrading it to a newer version of whatever OS it runs
than to analyze it.

> >(I'm assuming that's how Mitnick did it; I'm not aware that
> >he has revealed exactly how he did anything,
>
> He didn't do it. It was the owner of the attacked host that revealed it, in
> a post to comp.security.misc.

Maybe I'll look for it some day.  In either case, it doesn't matter
anymore.  We're using strong sequence numbers, and IP-based authentication
has many better replacements now.

Mike "Silby" Silbersack

