Date: Fri, 21 Jan 2000 22:04:53 +0300
From: Vladimir Dubrovin <vlad@sandy.ru>
To: Tim Yardley <yardley@uiuc.edu>
Cc: news@technotronic.com, bugtraq@securityfocus.com, freebsd-security@FreeBSD.org
Subject: Re: explanation and code for stream.c issues
Message-ID: <8920.000121@sandy.ru>
In-Reply-To: <4.2.0.58.20000121112253.012a8f10@students.uiuc.edu>
References: <4.2.0.58.20000121112253.012a8f10@students.uiuc.edu>
Hello Tim Yardley,

21.01.00 20:25, you wrote: explanation and code for stream.c issues;

T> -- start rule set --
T> block in quick proto tcp from any to any head 100
T> pass in quick proto tcp from any to any flags S keep state group 100
T> pass in all
T> -- end rule set --

The attack can easily be changed to send a pair of SYN and invalid SYN/ACK packets before spoofing some port. I guess in this case your ruleset will be useless. But I believe it's possible to limit the number of TCP packets sent to some host with ipfw:

    ipfw pipe 10 config delay 50 queue 5 packets
    ipfw add pipe 10 tcp from any to $MYHOST in via $EXTERNAL

I have not tested this rule but I guess with appropriate delay and queue it will stop any TCP spoofing.

+=-=-=-=-=-=-=-=-=+
|Vladimir Dubrovin|
| Sandy Info, ISP |
+=-=-=-=-=-=-=-=-=+