From owner-freebsd-chat  Wed Feb  9  8:59:49 2000
Delivered-To: freebsd-chat@freebsd.org
Received: from flood.ping.uio.no (flood.ping.uio.no [129.240.78.31])
	by builder.freebsd.org (Postfix) with ESMTP id 630313E5D
	for <freebsd-chat@FreeBSD.ORG>; Wed,  9 Feb 2000 08:59:45 -0800 (PST)
Received: (from des@localhost)
	by flood.ping.uio.no (8.9.3/8.9.3) id RAA24399;
	Wed, 9 Feb 2000 17:45:40 +0100 (CET)
	(envelope-from des@flood.ping.uio.no)
To: Jim <jameso@omaha.com>
Cc: freebsd-chat@FreeBSD.ORG
Subject: Re: MSNBC article
References: <38A18C0F.9D482E8B@omaha.com>
From: Dag-Erling Smorgrav <des@flood.ping.uio.no>
Date: 09 Feb 2000 17:45:39 +0100
In-Reply-To: Jim's message of "Wed, 09 Feb 2000 09:47:27 -0600"
Message-ID: <xzpn1pa5npo.fsf@flood.ping.uio.no>
Lines: 15
User-Agent: Gnus/5.0802 (Gnus v5.8.2) Emacs/20.4
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-freebsd-chat@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Jim <jameso@omaha.com> writes:
> http://www.msnbc.com/msn/367495.asp
> [...]
> Comments?

It's not a vulnerability, it's a DoS. A little worse than a simple
flooder, but not much. MSNBC's explanation of how it works is
incorrect, too - what confuses the router is the destination address
on the ACK packet (since the packet it ACKs has a random source
address). There is no argument between the router and the server about
what's happening.

DES
-- 
Dag-Erling Smorgrav - des@flood.ping.uio.no


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-chat" in the body of the message