Date: Sat, 22 Jan 2000 05:03:37 +0200
From: Giorgos Keramidas <charon@hades.hell.gr>
To: Brett Glass <brett@lariat.org>
Cc: Matthew Dillon <dillon@apollo.backplane.com>, Warner Losh <imp@village.org>, Darren Reed <avalon@coombs.anu.edu.au>, security@FreeBSD.ORG
Subject: Re: stream.c worst-case kernel paths
Message-ID: <20000122050337.A27571@hades.hell.gr>
In-Reply-To: <4.2.2.20000121174940.019bd1a0@localhost>
References: <200001210417.PAA24853@cairo.anu.edu.au> <200001210642.XAA09108@harmony.village.org> <4.2.2.20000121163937.01a51dc0@localhost> <200001220035.QAA65392@apollo.backplane.com> <4.2.2.20000121174940.019bd1a0@localhost>

On Fri, Jan 21, 2000 at 05:51:26PM -0700, Brett Glass wrote:
> At 05:35 PM 1/21/2000 , Matthew Dillon wrote:
>
> > I wouldn't worry about multicast addresses for several reasons. First,
> > very few machines actually run a multicast router. No router, no
> > problem.

This is not the case with some ISPs though. Speaking for my own
country (i.e. Greece), several major Internet Service Providers that
I've tried have been constantly sending igmp and pim packets even to
dialup links. This probably means that not a lot of people know about
multicast, and those that are playing around with it around these
places have neglected configuring their Cisco routers properly.

> I'm not so sure. Using a multicast address as the source address for an
> attack (like this one) does seem to be tying systems up into little tiny
> pretzel knots as they try to send RSTs to those addresses.

I think that dropping multicast packets dead on the floor if and when
they reach the tcp stack is the best thing to do. Sending to
multicast addresses seems to be a problem too, if I got you right
Brett.

--
Giorgos

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
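
The drop proposed in the message above, sketched as an added example (not part of the original e-mail and not FreeBSD's code): a user-space classifier that discards any TCP segment whose IPv4 source or destination is multicast before an RST could be generated. The names `tcp_prefilter`, `sample_verdict` and the verdict values are hypothetical, and the sample packets are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum verdict { V_MALFORMED, V_NOT_TCP, V_DROP_SILENT, V_PROCESS };

/* IPv4 multicast is 224.0.0.0/4: the top four address bits are 1110. */
static int is_multicast(uint32_t a) { return (a & 0xF0000000u) == 0xE0000000u; }

/* Read a big-endian (network order) 32-bit value. */
static uint32_t rd32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Hypothetical pre-filter: classify a raw IPv4 packet before TCP input. */
enum verdict tcp_prefilter(const uint8_t *pkt, size_t len) {
    if (len < 20 || (pkt[0] >> 4) != 4) return V_MALFORMED;
    size_t ihl = (size_t)(pkt[0] & 0x0F) * 4;   /* IP header length in bytes */
    if (ihl < 20 || len < ihl) return V_MALFORMED;
    if (pkt[9] != 6) return V_NOT_TCP;          /* IP protocol 6 = TCP */
    if (len < ihl + 20) return V_MALFORMED;     /* truncated TCP header */
    /* TCP is unicast only, so a multicast source or destination is never
     * legitimate: discard silently, before any RST could be generated. */
    if (is_multicast(rd32(pkt + 12)) || is_multicast(rd32(pkt + 16)))
        return V_DROP_SILENT;
    return V_PROCESS;
}

/* Build a constructed 40-byte IPv4+TCP packet (no options) and classify it. */
enum verdict sample_verdict(uint32_t src, uint32_t dst, uint8_t proto) {
    uint8_t pkt[40] = {0};
    pkt[0] = 0x45;                              /* version 4, IHL 5 */
    pkt[9] = proto;
    for (int i = 0; i < 4; i++) {
        pkt[12 + i] = (uint8_t)(src >> (24 - 8 * i));
        pkt[16 + i] = (uint8_t)(dst >> (24 - 8 * i));
    }
    return tcp_prefilter(pkt, sizeof pkt);
}

int main(void) {
    printf("src 224.0.0.1   -> %d\n", sample_verdict(0xE0000001u, 0xC0A80001u, 6));
    printf("src 192.168.0.2 -> %d\n", sample_verdict(0xC0A80002u, 0xC0A80001u, 6));
    return 0;
}
```

The check covers both directions raised in the thread: a multicast source (which would otherwise become the target of an RST) and a multicast destination.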