Date: Sun, 23 Apr 2000 23:23:08 -0400 (EDT)
From: Garrett Wollman <wollman@khavrinen.lcs.mit.edu>
To: "Louis A. Mamakos" <louie@TransSys.COM>
Cc: freebsd-net@FreeBSD.ORG
Subject: Re: netkill - generic remote DoS attack (fwd)
Message-ID: <200004240323.XAA31753@khavrinen.lcs.mit.edu>
In-Reply-To: <200004232202.SAA47172@whizzo.transsys.com>
References: <Pine.NEB.3.96L.1000423120520.3461B-100000@fledge.watson.org> <200004232202.SAA47172@whizzo.transsys.com>

<<On Sun, 23 Apr 2000 18:02:18 -0400, "Louis A. Mamakos" <louie@TransSys.COM> said:

> Perhaps if you're concerned that random people are attacking your system
> by using the way TCP functions, you should instead use IPSEC to authenticate
> the remote party before allowing the connection to open?

Not helpful. The reason why these DoS attacks are so successful is that it's the server-operator's business to offer service to all comers. To restrict access (particularly to the tiny subset of the population which would be authenticable using IPSEC) would defeat the entire purpose of the server.

Unfortunately, this particular DoS is inherent in the TCP design. There are a whole bunch of others that are not as widely known, which have (relatively) easier solutions.

-GAWollman

--
Garrett A. Wollman   | O Siem / We are all family / O Siem / We're all the same
wollman@lcs.mit.edu  | O Siem / The fires of freedom
Opinions not those of| Dance in the burning flame
MIT, LCS, CRS, or NSA| - Susan Aglukark and Chad Irschick

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message