From owner-freebsd-security Fri Jan 21 14:58:45 2000 Delivered-To: freebsd-security@freebsd.org Received: from apollo.backplane.com (apollo.backplane.com [216.240.41.2]) by hub.freebsd.org (Postfix) with ESMTP id ADA81155C2 for ; Fri, 21 Jan 2000 14:58:43 -0800 (PST) (envelope-from dillon@apollo.backplane.com) Received: (from dillon@localhost) by apollo.backplane.com (8.9.3/8.9.1) id OAA64329; Fri, 21 Jan 2000 14:58:40 -0800 (PST) (envelope-from dillon) Date: Fri, 21 Jan 2000 14:58:40 -0800 (PST) From: Matthew Dillon Message-Id: <200001212258.OAA64329@apollo.backplane.com> To: Gene Harris Cc: Wes Peters , Brett Glass , freebsd-security@FreeBSD.ORG Subject: Re: Some observations on stream.c and streamnt.c References: Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org :Wes, : :SP5 and SP6 made some pretty big revisions to the TCP stack. :That's why I was meticulous on reporting SP6a. It does make :a difference. : :I am now sitting here with the machine hooked to a 100 MB :network with the attacking machine on the other side of a T3 :at telepath.com. We cannot see any affect on the NT Server, :running IIS and SQL Server as a custom web provider. This :is a production machine. : :*==============================================* :*Gene Harris http://www.tetronsoftware.com* Ok... but what sort of packet rate is the machine at telepath.com seeing from this attack? Note that a T3 is only 45 MBits. Attacks on BEST that only went through a single incoming T3 never had much of an effect, it was only those attacks that came over multiple T3's (generally ping-broadcast attacks) that we worried about. -Matt To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message