From owner-freebsd-security Fri Jan 21 14:13:53 2000
Message-ID: <038801bf645c$ed6d5f00$01000000@madman>
From: "Bob Madden"
To: "FreeBSD-Security"
Subject: Re: Some observations on stream.c and streamnt.c
Date: Fri, 21 Jan 2000 16:14:44 -0600

-----Original Message-----
From: Brett Glass

>Not just that. I suspect that it runs out of buffers
>because it's queueing up RST packets and ICMP packets. And
>discarding important incoming packets in the process.
>(Which is another thing you'll see in a test: the more
>INPUT the server needs to accept, the more it will be
>affected.)

I believe this to be true. Realize that in a real world attack, the attack
most likely originates from more than one source AND it continues for a good
hour or so or however long it takes to crash the box. But it DOES crash the
box.

My experience is with FreeBSD, but as has been suggested/demonstrated it has
similar effects on other platforms.

Bob Madden

--This Message Composed By: Bob Madden -- bobm@ATGSYSTEMS.COM
Sys Admin /Network Engineer