Date: Tue, 21 May 1996 11:41:48 -0400 (EDT)
From: "Charles C. Figueiredo" <marxx@apocalypse.superlink.net>
To: "Brett L. Hawn" <blh@nol.net>
Cc: current@FreeBSD.ORG
Subject: Re: freebsd + synfloods + ip spoofing
Message-ID: <Pine.BSF.3.91.960521114100.709B-100000@apocalypse.superlink.net>
In-Reply-To: <Pine.SOL.3.93.960521071719.19401A-100000@dazed.nol.net>
"I don't want to grow up, I'm a BSD kid. There's so many toys in /usr/bin
that I can play with!"
------------------------------------------------------------------------------
Charles C. Figueiredo         Marxx             marxx@superlink.net
------------------------------------------------------------------------------

On Tue, 21 May 1996, Brett L. Hawn wrote:

> On Mon, 20 May 1996, Charles C. Figueiredo wrote:
>
> > Using DES as a random number generator would be excellent, but might
> > not be quick enough. It was rather nicely discussed in an IP spoofing and
> > TCP sequence prediction paper I read. Being easy to syn flood + spoof has
> > not much to do when it comes to FreeBSD vs. Linux, after 1.3.7x I believe
> > a patch isn't even needed to spoof an IP packet. Let's face it, it would
> > be somewhat silly to attempt to disallow IP packet spoofing, all you're
> > doing is manually building an IP header, and sending it away. Traceroute
> > and the such need to generate their own headers. Besides, unless your
> > clueless losers and lame crackers gain root, they can't open raw sockets.
> > Most spoofing/sequencing/hijacking attempts and experiments are from people
> > with individual workstations, connected, not users on a server.
> > Practically all Unices are easy to syn flood + spoof on, ok, it only takes
> > 8 requests to hose, but that's irrelevant. The problem doesn't lie in how
> > quickly, it's that it occurs. The problem shouldn't be dealt with on the
> > client side, but on the server side.
> >
>
> The problem lies in the fact that 1: not all OS's are easily synfloodable,
> seeing as not all OS's are easily sequenced like fbsd is. 2: as the net

All OS's, that have real TCP implementations, are syn floodable at the
moment.

> grows more and more 'lusers' are running linux/fbsd/etc at home on a PPP
> link and therefore have root privs and can open a raw socket. 'Spoofing
> Warez' as they're known are becoming more and more prevalent on certain
> parts of IRC and it's to the point now where the person spoofing you doesn't
> even have to know what they're doing, all they do is fill out a basic
> formula of command line arguments and *poof* they're you.
>
> For kicks some time ago I built a spoofer and I can tell you this much,
> creating at least a pseudo-random number generator for sequencing will stop
> a large # of the spoofers.
>
> Brett
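
Added example (not part of the message above and not FreeBSD code): the thread's idea of pseudo-random sequence numbering, shown as the RFC 6528 form ISN = M + F(4-tuple, secret) beside a single global counter. HMAC-SHA256 as F, the STEP constant, the addresses and the secret are all choices made for this illustration.

```python
import hashlib
import hmac
import ipaddress
import struct

MASK32 = 0xFFFFFFFF
STEP = 64000  # constructed constant: fixed per-connection increment of the weak scheme


class CounterISN:
    """Weak scheme: one global counter, bumped by a constant for every connection."""

    def __init__(self, start=0):
        self.value = start

    def next(self, *_four_tuple):
        self.value = (self.value + STEP) & MASK32
        return self.value


class KeyedISN:
    """RFC 6528 form: ISN = M + F(local ip, local port, remote ip, remote port, secret)."""

    def __init__(self, secret):
        self.secret = secret  # per-boot random bytes in a real stack

    def offset(self, lip, lport, rip, rport):
        msg = (ipaddress.ip_address(lip).packed + struct.pack("!H", lport)
               + ipaddress.ip_address(rip).packed + struct.pack("!H", rport))
        # F: HMAC-SHA256 truncated to 32 bits (this example's choice of keyed hash)
        return struct.unpack("!I", hmac.new(self.secret, msg, hashlib.sha256).digest()[:4])[0]

    def next(self, lip, lport, rip, rport, clock_us):
        m = (clock_us // 4) & MASK32  # M: timer that ticks every 4 microseconds
        return (m + self.offset(lip, lport, rip, rport)) & MASK32


def compare():
    """Does the ISN one peer receives reveal the ISN the next peer receives?"""
    a = ("192.0.2.10", 23, "198.51.100.7", 40000)  # constructed 4-tuples
    b = ("192.0.2.10", 23, "203.0.113.9", 40001)
    weak, keyed = CounterISN(), KeyedISN(b"constructed-demo-secret")
    seen = weak.next(*a)
    weak_revealed = weak.next(*b) == (seen + STEP) & MASK32
    # Same clock reading for both peers, so only the keyed offset differs.
    seen = keyed.next(*a, clock_us=1_000_000)
    keyed_revealed = keyed.next(*b, clock_us=1_000_000) == seen
    return weak_revealed, keyed_revealed
```

For a single 4-tuple the keyed ISN still advances with the clock, so a reused connection gets a later sequence number; only the relationship between different peers' numbers is hidden.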