Date:      Tue, 21 May 1996 07:21:14 -0500 (CDT)
From:      "Brett L. Hawn" <blh@nol.net>
To:        "Charles C. Figueiredo" <marxx@apocalypse.superlink.net>
Cc:        current@FreeBSD.ORG
Subject:   Re: freebsd + synfloods + ip spoofing
Message-ID:  <Pine.SOL.3.93.960521071719.19401A-100000@dazed.nol.net>
In-Reply-To: <Pine.BSF.3.91.960520205423.709A-100000@apocalypse.superlink.net>

On Mon, 20 May 1996, Charles C. Figueiredo wrote:

> 	Using DES as a random number generator would be excellent, but might
> not be quick enough. It was rather nicely discussed in an IP spoofing and
> TCP sequence prediction paper I read. Being easy to syn flood + spoof has
> not much to do when it comes to FreeBSD vs. Linux, after 1.3.7x I believe
> a patch isn't even needed to spoof an IP packet. Let's face it, it would
> be somewhat silly to attempt to disallow IP packet spoofing, all you're
> doing is manually building an IP header, and sending it away. Traceroute
> and the such need to generate their own headers. Besides, unless your
> clueless losers and lame crackers gain root, they can't open raw sockets.
> Most spoofing/sequencing/hijacking attempts and experiments are from people
> with individual workstations, connected, not users on a server.
> Practically all Unices are easy to syn flood + spoof on, ok, it only takes
> 8 requests to hose, but that's irrelevant. The problem doesn't lie in how
> quickly, it's that it occurs. The problem shouldn't be dealt with on the
> client side, but on the server side.


The problem lies in the fact that 1: not all OS's are easily synfloodable,
seeing as not all OS's are easily sequenced like fbsd is. 2: as the net
grows, more and more 'lusers' are running linux/fbsd/etc at home on a PPP
link and therefore have root privs and can open a raw socket. 'Spoofing
Warez' as they're known are becoming more and more prevalent on certain
parts of IRC and it's to the point now where the person spoofing you doesn't
even have to know what they're doing, all they do is fill out a basic
formula of command line arguments and *poof* they're you.

For kicks some time ago I built a spoofer and I can tell you this much,
creating at least a pseudo-random number generator for sequencing will stop
a large # of the spoofers.

Brett
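
Added example (not part of the original message and not FreeBSD's code): a simplified model contrasting a fixed-increment initial sequence number counter with the keyed-hash scheme later standardised in RFC 6528, measuring how often a "last ISN seen plus step" guess matches the ISN issued to another peer. The step value, class and function names, addresses and secret are constructed for illustration, and HMAC-SHA256 stands in for the RFC's hash F.

```python
import hashlib
import hmac
import ipaddress
import struct

MASK32 = 0xFFFFFFFF
LEGACY_STEP = 64000  # illustrative fixed per-connection increment (assumption)


class CounterISN:
    """Legacy-style model: one global counter bumped by a fixed step."""

    def __init__(self, start=0):
        self.iss = start & MASK32

    def next(self, *_four_tuple):
        self.iss = (self.iss + LEGACY_STEP) & MASK32
        return self.iss


class KeyedISN:
    """ISN = M + F(4-tuple, secret) as in RFC 6528; F here is HMAC-SHA256."""

    def __init__(self, secret: bytes):
        self.secret = secret

    def next(self, laddr, lport, raddr, rport, now_us=0):
        msg = (ipaddress.ip_address(laddr).packed + struct.pack("!H", lport)
               + ipaddress.ip_address(raddr).packed + struct.pack("!H", rport))
        digest = hmac.new(self.secret, msg, hashlib.sha256).digest()
        f = int.from_bytes(digest[:4], "big")
        m = (now_us // 4) & MASK32  # 4-microsecond clock component
        return (m + f) & MASK32


def guess_hits(gen, trials=1000):
    """Count trials where (ISN seen by one peer + step) equals the next
    ISN handed to a different peer. Addresses are constructed (RFC 5737)."""
    hits = 0
    for i in range(trials):
        seen = gen.next("192.0.2.1", 513, "192.0.2.66", 2000 + i)
        issued = gen.next("192.0.2.1", 513, "192.0.2.10", 1024 + i)
        hits += ((seen + LEGACY_STEP) & MASK32) == issued
    return hits


if __name__ == "__main__":
    print("counter generator, guesses matched:", guess_hits(CounterISN()))
    print("keyed generator, guesses matched:  ",
          guess_hits(KeyedISN(b"constructed-secret")))
```
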



