Date: Sat, 22 Jan 2000 13:30:27 -0700
From: Brett Glass <brett@lariat.org>
To: Pete Carah <pete@ns.altadena.net>, security@FreeBSD.ORG
Subject: RE: Some observations on stream.c and streamnt.c
Message-ID: <4.2.2.20000122132751.01aab6e0@localhost>
In-Reply-To: <200001221906.LAA83395@ns.altadena.net>

At 12:06 PM 1/22/2000, Pete Carah wrote:

>Well, our (Bay) router is rendered silent (doesn't reboot) just
>routing this attack through itself at around 6k pps. If aimed at
>the router it gets silent faster but never seems to need a reboot (of
>course, I don't want to try this too long on the particular router).
...
>It is not affected if the attack is against a host (fbsd or mac) on the
>same segment, so the "side-effect" multicast, etc packets don't seem to
>be bothering the router, at least not soon... Don't know what our
>upstream sees :-)

Maybe it's seeing an "internal" storm. That is, the ACK triggers a RST
which is sent to a multicast address which is trapped by the routing
table which triggers an ICMP "unreachable" message which is bounced
internally to... you get the idea.

--Brett