From owner-freebsd-security  Tue Jul 25 23:25: 8 2000
Delivered-To: freebsd-security@freebsd.org
Received: from obie.softweyr.com (obie.softweyr.com [204.68.178.33])
	by hub.freebsd.org (Postfix) with ESMTP id 6D4CB37B5D3
	for <freebsd-security@FreeBSD.ORG>; Tue, 25 Jul 2000 23:25:01 -0700 (PDT)
	(envelope-from wes@softweyr.com)
Received: from softweyr.com (Foolstrustident!@homer.softweyr.com [204.68.178.39])
	by obie.softweyr.com (8.8.8/8.8.8) with ESMTP id AAA04544;
	Wed, 26 Jul 2000 00:24:47 -0600 (MDT)
	(envelope-from wes@softweyr.com)
Message-ID: <397E8531.AE1DF9F@softweyr.com>
Date: Wed, 26 Jul 2000 00:29:05 -0600
From: Wes Peters <wes@softweyr.com>
Organization: Softweyr LLC
X-Mailer: Mozilla 4.7 [en] (X11; U; FreeBSD 4.1-RC i386)
X-Accept-Language: en
MIME-Version: 1.0
To: Tim Yardley <yardley@uiuc.edu>
Cc: Don Lewis <Don.Lewis@tsc.tdk.com>,
	Maksimov Maksim <maksim@tts.tomsk.su>, freebsd-security@FreeBSD.ORG
Subject: Re: How defend from stream2.c attack?
References: <000401bfdb64$3eae8320$0c3214d4@dragonland.tts.tomsk.su>
	 <000401bfdb64$3eae8320$0c3214d4@dragonland.tts.tomsk.su>
	 <4.3.2.7.2.20000725181153.0218d700@students.uiuc.edu> <4.3.2.7.2.20000725223522.00b5dcc0@students.uiuc.edu>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Tim Yardley wrote:
> 
> >With FreeBSD prior to 3.4/4.0 it didn't matter if you were attempting to
> >use multicast or not, a stream attack using random multicast source
> >addresses would turn your FreeBSD box into an attack reflector on every
> >attached interface.  Urk!
> 
> Correct.  The blocking of multicast statement was meant for people that DO
> NOT use multicast.  If you use multicast, then you cannot block it at the
> router.  In otherwords, block * with multicast addresses.  You could always
> just block tcp with multicast addresses, and that will not affect any real
> multicast traffic.
> 
> >That no longer happens; the code now realizes that a TCP packet from a
> >multicast address is malformed and dumps it on the floor.
> 
> Any sane stack would drop the multicast packets on the floor immediately if
> they are TCP packets.  That is basically what the patch did.  Since the
> notion of TCP multicast is not even possible, that is the correct thing to do.

But then again, that problem existing in the 4.2BSD stack and lived on
until a few months ago.

-- 
            "Where am I, and what am I doing in this handbasket?"

Wes Peters                                                         Softweyr LLC
wes@softweyr.com                                           http://softweyr.com/


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message