From owner-freebsd-security Tue Jul 25 22:29:51 2000
Delivered-To: freebsd-security@freebsd.org
Received: from obie.softweyr.com (obie.softweyr.com [204.68.178.33])
    by hub.freebsd.org (Postfix) with ESMTP id 9A47B37BE42
    for ; Tue, 25 Jul 2000 22:29:45 -0700 (PDT)
    (envelope-from wes@softweyr.com)
Received: from softweyr.com (Foolstrustident!@homer.softweyr.com [204.68.178.39])
    by obie.softweyr.com (8.8.8/8.8.8) with ESMTP id XAA04429;
    Tue, 25 Jul 2000 23:29:29 -0600 (MDT)
    (envelope-from wes@softweyr.com)
Message-ID: <397E783B.ADB8162A@softweyr.com>
Date: Tue, 25 Jul 2000 23:33:47 -0600
From: Wes Peters
Organization: Softweyr LLC
X-Mailer: Mozilla 4.7 [en] (X11; U; FreeBSD 4.1-RC i386)
X-Accept-Language: en
MIME-Version: 1.0
To: Tim Yardley
Cc: Don Lewis, Maksimov Maksim, freebsd-security@FreeBSD.ORG
Subject: Re: How defend from stream2.c attack?
References: <000401bfdb64$3eae8320$0c3214d4@dragonland.tts.tomsk.su> <000401bfdb64$3eae8320$0c3214d4@dragonland.tts.tomsk.su> <4.3.2.7.2.20000725181153.0218d700@students.uiuc.edu>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Tim Yardley wrote:
>
> >I would recommend adding packet filter rules that block incoming packets
> >with IP broadcast addresses, both 255.255.255.255, and the broadcast
> >address(es) of your local network(s).
>
> And block multicast if you aren't using it in your lan. Keep in mind that
> some switches that are not multicast aware will treat the packets as
> broadcasts and create a storm. Very bad.

With FreeBSD prior to 3.4/4.0 it didn't matter if you were attempting to
use multicast or not, a stream attack using random multicast source
addresses would turn your FreeBSD box into an attack reflector on every
attached interface. Urk!

That no longer happens; the code now realizes that a TCP packet from a
multicast address is malformed and dumps it on the floor.

-- 
"Where am I, and what am I doing in this handbasket?"

Wes Peters                                        Softweyr LLC
wes@softweyr.com                                  http://softweyr.com/
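
The check discussed in this message, sketched as an added example (not FreeBSD's kernel code and not from the original post): an inbound TCP packet whose source or destination is multicast or broadcast is dropped silently instead of being answered. The names `check_inbound`, `mcast_or_bcast` and `sample`, and the 192.168.1.0/24 local network, are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

enum verdict { PASS, DROP_MALFORMED, DROP_BAD_ADDR };

/* Read a big-endian 32-bit value from the packet buffer. */
static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* True for 224.0.0.0/4, 255.255.255.255, or the directed broadcast. */
static int mcast_or_bcast(uint32_t a, uint32_t bcast)
{
    return (a & 0xf0000000u) == 0xe0000000u || a == 0xffffffffu || a == bcast;
}

/* net and mask (host byte order) describe the attached network. */
enum verdict check_inbound(const uint8_t *pkt, size_t len,
                           uint32_t net, uint32_t mask)
{
    size_t hlen;

    if (len < 20 || (pkt[0] >> 4) != 4)
        return DROP_MALFORMED;
    hlen = (size_t)(pkt[0] & 0x0f) * 4;
    if (hlen < 20 || hlen > len)
        return DROP_MALFORMED;
    if (pkt[9] != 6)            /* only TCP is judged here */
        return PASS;
    /* TCP is unicast only: drop silently, never answer with a RST. */
    if (mcast_or_bcast(be32(pkt + 12), net | ~mask) ||
        mcast_or_bcast(be32(pkt + 16), net | ~mask))
        return DROP_BAD_ADDR;
    return PASS;
}

/* Constructed sample: minimal 20-byte IPv4 header on 192.168.1.0/24. */
enum verdict sample(uint8_t proto, uint32_t src, uint32_t dst)
{
    uint8_t h[20] = { 0x45 };
    h[9] = proto;
    for (int i = 0; i < 4; i++) {
        h[12 + i] = (uint8_t)(src >> (24 - 8 * i));
        h[16 + i] = (uint8_t)(dst >> (24 - 8 * i));
    }
    return check_inbound(h, sizeof h, 0xc0a80100u, 0xffffff00u);
}
```

The silent drop is the point: replying to such a packet is what makes a host reflect traffic onto its attached networks.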