Date:      Fri, 21 Jan 2000 20:08:29 -0500
From:      Jared Mauch <jared@puck.Nether.net>
To:        Matthew Dillon <dillon@apollo.backplane.com>
Cc:        Brett Glass <brett@lariat.org>, Warner Losh <imp@village.org>, Darren Reed <avalon@coombs.anu.edu.au>, security@FreeBSD.ORG
Subject:   Re: stream.c worst-case kernel paths
Message-ID:  <20000121200829.E4055@puck.nether.net>
In-Reply-To: <200001220035.QAA65392@apollo.backplane.com>; from dillon@apollo.backplane.com on Fri, Jan 21, 2000 at 04:35:44PM -0800
References:  <200001210417.PAA24853@cairo.anu.edu.au> <200001210642.XAA09108@harmony.village.org> <4.2.2.20000121163937.01a51dc0@localhost> <200001220035.QAA65392@apollo.backplane.com>

On Fri, Jan 21, 2000 at 04:35:44PM -0800, Matthew Dillon wrote:
> 
> :>     RST cases but the above two cases usually handle the vast majority of 
> :>     these sorts of attacks so if this exploit code is stopped cold by ICMP_BANDLIM,
> :>     we're done.  If it isn't then we spend a few seconds extending the cases
> :>     covered by ICMP_BANDLIM and we are done.
> :
> :I'd certainly like to see this extended to RST. We can optimize socket searching
> :and prevent TCP from sending RSTs (or anything!) to multicast addresses at the
> :same time. (We probably also want to block RECEIVED TCP packets from multicast
> :addresses, as Wes suggests.)
> :
> :--Brett
> 
>     I wouldn't worry about multicast addresses for several reasons.  First, very
>     few machines actually run a multicast router.  No router, no problem.  Second,
>     multicast tunnels tend to be bandwidth limited anyway.  Third, from the point
>     of view of victimizing someone multicast isn't going to get you very far
>     because we already check for a multicast destination.  We don't really need
>     to check for a multicast source because it's really no different from a
>     victimizing point of view as a non-multicast source address.
> 
> 					-Matt
> 					Matthew Dillon 

	I currently show 69695 prefixes on the internet.  Of those,
7366 are currently multicast capable, which is 10.5%.

	I take some issue with your statement, as more hosts are currently
connected than ever before, and I see it increase daily.  I doubt it will
reach 100% anytime soon, but it's far more deployed than it has ever
been, and continues to be deployed.  Attacks related to multicast connectivity
need to be taken into account.

	- Jared

-- 
Jared Mauch  | pgp key available via finger from jared@puck.nether.net
clue++;      | http://puck.nether.net/~jared/  My statements are only mine.
END OF LINE  |
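The thread above touches two defensive ideas for the stream.c flood: never answer a TCP segment with a RST when a multicast (or broadcast) address is involved, and put RST generation under the same kind of rate limit that ICMP_BANDLIM applies to ICMP errors. The block below is an added illustration of that decision logic in user space; it is not FreeBSD's tcp_input code, not the real ICMP_BANDLIM implementation, and the limiter, the `should_send_rst` function, the verdict names and the packet burst are all constructed for this example.

```c
/* Illustrative RST-response policy (constructed example, not FreeBSD kernel code).
 * Decides, for each inbound TCP segment that would normally draw a RST, whether
 * the RST should actually be sent: multicast/broadcast endpoints are refused
 * outright, and the remaining RSTs are capped per one-second window in the
 * spirit of ICMP_BANDLIM. */
#include <stdint.h>
#include <stdio.h>

/* IPv4 class D (224.0.0.0/4) and the limited broadcast address. */
#define IN4_MULTICAST(a) (((a) & 0xF0000000u) == 0xE0000000u)
#define IN4_BROADCAST(a) ((a) == 0xFFFFFFFFu)

enum verdict {
    RST_SEND = 0,            /* reply with a RST as usual */
    RST_DROP_MULTICAST = 1,  /* refuse: multicast/broadcast source or destination */
    RST_DROP_LIMITED = 2     /* refuse: per-second RST budget exhausted */
};

/* Fixed-window limiter: at most `limit` RSTs in any one-second window.
 * `window_start` is the wall-clock second the current window belongs to. */
struct rst_limiter {
    uint32_t window_start;
    uint32_t count;
    uint32_t limit;
};

/* Build a host-order IPv4 address from four octets (helper for the example). */
uint32_t ip4(uint8_t a, uint8_t b, uint8_t c, uint8_t d)
{
    return ((uint32_t)a << 24) | ((uint32_t)b << 16) | ((uint32_t)c << 8) | d;
}

/* Policy entry point: `now` is the current time in whole seconds. */
int should_send_rst(struct rst_limiter *rl, uint32_t now, uint32_t src, uint32_t dst)
{
    /* Check both ends: a multicast source can never own a real connection,
     * and a RST towards a multicast/broadcast destination is amplification. */
    if (IN4_MULTICAST(src) || IN4_BROADCAST(src) ||
        IN4_MULTICAST(dst) || IN4_BROADCAST(dst))
        return RST_DROP_MULTICAST;

    /* Start a fresh window when the clock has moved on. */
    if (rl->window_start != now) {
        rl->window_start = now;
        rl->count = 0;
    }
    if (rl->count >= rl->limit)
        return RST_DROP_LIMITED;   /* budget for this second already spent */

    rl->count++;
    return RST_SEND;
}

struct tally { int sent, dropped_multicast, dropped_limited; };

/* Runs a constructed burst through the policy: 12 segments arrive in second 7
 * (every fourth one from a multicast source), then 2 more in second 8, with a
 * budget of 5 RSTs per second. Returns how each segment was handled. */
struct tally run_constructed_burst(void)
{
    struct rst_limiter rl = { 0, 0, 5 };
    struct tally t = { 0, 0, 0 };
    uint32_t victim = ip4(192, 168, 1, 10);   /* constructed local address */

    for (int second = 7; second <= 8; second++) {
        int n = (second == 7) ? 12 : 2;
        for (int i = 0; i < n; i++) {
            uint32_t src = (i % 4 == 3) ? ip4(224, 0, 0, 1)
                                        : ip4(10, 0, 0, (uint8_t)(i + 1));
            switch (should_send_rst(&rl, (uint32_t)second, src, victim)) {
            case RST_SEND:            t.sent++;              break;
            case RST_DROP_MULTICAST:  t.dropped_multicast++; break;
            default:                  t.dropped_limited++;   break;
            }
        }
    }
    return t;
}

int main(void)
{
    struct tally t = run_constructed_burst();
    printf("sent=%d dropped_multicast=%d dropped_limited=%d\n",
           t.sent, t.dropped_multicast, t.dropped_limited);
    return 0;
}
```

With a budget of 5 per second, the 9 unicast segments in second 7 yield 5 RSTs and 4 limited drops, the 3 multicast-sourced segments are refused before the limiter is even consulted, and the 2 segments in second 8 are answered because a new window has begun. A production limiter would use a token bucket rather than a fixed window so that a burst straddling a second boundary cannot get double the budget, and would count per source as well as globally; the point here is only that the multicast check and the rate limit are independent decisions and that the cheap check runs first.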

