From owner-freebsd-security Thu Jan 20 16:45: 3 2000 Delivered-To: freebsd-security@freebsd.org Received: from sivka.rdy.com (sivka.rdy.com [207.33.166.86]) by hub.freebsd.org (Postfix) with ESMTP id 95D1215415; Thu, 20 Jan 2000 16:44:55 -0800 (PST) (envelope-from dima@rdy.com) Received: (from dima@localhost) by sivka.rdy.com (8.9.3/8.9.3) id QAA57553; Thu, 20 Jan 2000 16:43:13 -0800 (PST) (envelope-from dima) Message-Id: <200001210043.QAA57553@sivka.rdy.com> Subject: Re: bugtraq posts: stream.c - new FreeBSD exploit? In-Reply-To: <4.2.2.20000120172607.0198f1e0@localhost> from Brett Glass at "Jan 20, 2000 05:32:03 pm" To: Brett Glass Date: Thu, 20 Jan 2000 16:43:13 -0800 (PST) Cc: jamiE rishaw - master e*tard , Tom , Mike Tancsa , freebsd-security@FreeBSD.ORG, freebsd-stable@FreeBSD.ORG, security-officer@FreeBSD.ORG Organization: HackerDome Reply-To: dima@rdy.com From: dima@rdy.com (Dima Ruban) X-Mailer: ELM [version 2.4ME+ PL61 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Brett Glass writes: > At 02:09 PM 1/20/2000 , jamiE rishaw - master e*tard wrote: > > >I have a copy of this, which I am not giving out. I will probably > >fire one off to jkh for sanity, Terriffic! > >The problem is, the kernel already (from my understanding) drops bad ACKs > >pretty quickly. The thing is, tho, that it's kernel bound.. which means > >CPU.. so unless you have tons of extra CPU to spare, this attack will > >take your system to a "pause" until the attacker ceases. > > The name "stream.c" makes it sound like a local, not remote, DoS. Does No, it's remote. > it have to be done from inside the system to be effective? I would think Not necessarily. > that, if it came from the outside, it'd be harder to saturate the > victim. > > I can think of ways to filter this by adding some stuff to IPFW. I don't believe you can filter it. > > --Brett > -- dima To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message