Date: Sat, 22 Jan 2000 01:14:25 +1100 (Australia/NSW) From: Darren Reed <avalon@coombs.anu.edu.au> To: vlad@sandy.ru Cc: dima@rdy.com (Dima Ruban), freebsd-security@FreeBSD.ORG Subject: Re: Re[2]: bugtraq posts: stream.c - new FreeBSD exploit? Message-ID: <200001211414.BAA12691@cairo.anu.edu.au> In-Reply-To: <12643.000121@sandy.ru> from "Vladimir Dubrovin" at Jan 21, 2000 03:26:08 PM
next in thread | previous in thread | raw e-mail | index | archive | help
In some mail from Vladimir Dubrovin, sie said: > > Hello Dima Ruban, > > 21.01.2000 3:43, you wrote: bugtraq posts: stream.c - new FreeBSD exploit?; > > >> I can think of ways to filter this by adding some stuff to IPFW. > > D> I don't believe you can filter it. > > Sure you cann't detect invalid ACK packets with ipfw, but IMHO ipfw > (then dummynet is used) can be used to eliminate any kind of flood > attack with amount of small packets. Rules like > > ipfw pipe 10 config delay 50 queue 5 packets > ipfw add pipe 10 tcp from any to MYHOST in via EXTERNAL > > should limit ipfw to allow only 5 tcp packets in 50 ms for MYHOST, > more packets will be dropped. But I don't think it's best solution. Given the exploit assigns a random source address to every packet, no. Darren To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200001211414.BAA12691>