Date: Fri, 21 Jan 2000 21:51:14 -0800 (PST) From: Matthew Dillon <dillon@apollo.backplane.com> To: gdonl@tsc.tdk.com (Don Lewis) Cc: Giorgos Keramidas <charon@hades.hell.gr>, Brett Glass <brett@lariat.org>, Warner Losh <imp@village.org>, Darren Reed <avalon@coombs.anu.edu.au>, security@FreeBSD.ORG Subject: Re: stream.c worst-case kernel paths Message-ID: <200001220551.VAA67568@apollo.backplane.com> References: <200001220439.UAA15676@salsa.gv.tsc.tdk.com>
next in thread | previous in thread | raw e-mail | index | archive | help
:} :
:} :Do I forget something here?
:} :
:} :-- Giorgos
:}
:} That's pretty much it. I've already sent a patch set to Warner for (b).
:} I don't think we should do (a) or (c) until after the release, multicast
:} isn't going to explode on us in the next 4 months.
:
:But that doesn't stop an attacker from sending forged TCP packets with
:forged multicast addresses. Spraying the local network with a multicast
:response to an incoming unicast seems like a bad idea.
No matter what you do there will always be something the attacker can
shoot at you. The only thing you care about is making sure that it
doesn't take down your servers. Since multicast packets have to
go through multicast routers to get anywhere, and those routers are
already band-limited, a multicast attack is not likely to kill your
network or your machine. I doubt an attacker would be able to push
enough mcast packets through the router to matter since if the ISP
is smart the bandwidth will be limited to something reasonable. On
the otherhand, non-multicast packets are almost *never* band limited.
So guess what the IRC weenie is going to use!
You can come up with scenarios all day long and turn the TCP stack into
a programmers nightmare trying to 'fix' them and still not cover all your
bases. Because half this stuff doesn't make a damn bit of difference
in survivability, I'm not particularly interested in seeing the TCP
stack hacked to death with it. Having things like TCP_RESTRICT_RST and
TCP_DROP_SYNFIN in there is already bad enough - solving problems that
have no real impact on anything (except someone's personal paranoia).
It just isn't worth garbaging up the TCP stack with all of this junk.
-Matt
Matthew Dillon
<dillon@backplane.com>
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200001220551.VAA67568>