Date: Thu, 27 Jan 2000 12:56:56 -0500 (EST) From: Dug Song <dugsong@monkey.org> To: Michael Robinson <robinson@netrinsics.com> Cc: freebsd-security@freebsd.org Subject: Re: opinions on source quench Message-ID: <Pine.BSO.4.10.10001271240480.11540-100000@funky.monkey.org> In-Reply-To: <200001271256.UAA28713@netrinsics.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, 27 Jan 2000, Michael Robinson wrote: > What is the prevailing opinion on accepting ICMP source quench? > > Which is greater, the danger of a spoofed DoS attack, or the danger of > overloading some hapless downstream network node? to spoof ICMP source quenches correctly, an attacker must be able to sniff your packets to quote them in the forged reply. but if they can do this, they can just as easily forge correct TCP RSTs. see the tcpnice, tcpkill programs from dsniff for sample code: http://www.monkey.org/~dugsong/dsniff/ TCP has its own congestion control, and i don't know of any applications using UDP that honor source quenches. my guess is that it would probably be safe to filter them, but YMMV. -d. --- http://www.monkey.org/~dugsong/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSO.4.10.10001271240480.11540-100000>