Date:      Fri, 21 Jan 2000 15:15:05 -0800 (PST)
From:      Matthew Dillon <dillon@apollo.backplane.com>
To:        Brett Glass <brett@lariat.org>
Cc:        Alfred Perlstein <bright@wintelcom.net>, security@FreeBSD.ORG
Subject:   Re: stream.c worst-case kernel paths
Message-ID:  <200001212315.PAA64608@apollo.backplane.com>
References:  <4.2.2.20000120182425.01886ec0@localhost> <20000120195257.G14030@fw.wintelcom.net> <4.2.2.20000120220649.018faa80@localhost> <4.2.2.20000120222630.01919150@localhost>


:
:At 10:21 PM 1/20/2000 , Matthew Dillon wrote:
:
:>    I think it's a bad idea to make anything that breaks the protocol 
:>     standard the default.  
:
:I see your point. But isn't it really the protocol standard that's
:broken? It might be worthwhile to set a de facto standard as part
:of the process of moving for change in the formal one. (Extensions and 
:changes to IETF standards frequently happen this way.) If people at
:the IETF meetings say, "FreeBSD now handles this situation this way, and 
:it's MUCH more robust," it'll be a strong selling point in favor of
:a follow-on RFC. This has worked for e-mail standards, which Heaven
:knows are STILL in need of enhancement.
:
:--Brett Glass

    There is nothing wrong with the protocol standard.  Just because it
    happens to appear to be vulnerable to a DOS attack does not make it
    'broken'.  RST handling is designed to deal with long network downtime
    and host reboot resynchronization cases.  Just dropping the RST response will
    cause the other end to take much longer to time out than it would otherwise.
    Dropping RST's in anything but a self-defense situation during a real life
    attack is a bad idea.

					-Matt
					Matthew Dillon 
					<dillon@backplane.com>

