Date: Sat, 22 Jan 2000 05:06:56 +0200 From: Giorgos Keramidas <charon@hades.hell.gr> To: Tim Yardley <yardley@uiuc.edu> Cc: Vladimir Dubrovin <vlad@sandy.ru>, news@technotronic.com, bugtraq@securityfocus.com, freebsd-security@FreeBSD.ORG Subject: Re: explanation and code for stream.c issues Message-ID: <20000122050656.B27571@hades.hell.gr> In-Reply-To: <4.2.0.58.20000121131202.0135ef10@students.uiuc.edu> References: <4.2.0.58.20000121112253.012a8f10@students.uiuc.edu> <4.2.0.58.20000121112253.012a8f10@students.uiuc.edu> <8920.000121@sandy.ru> <4.2.0.58.20000121131202.0135ef10@students.uiuc.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, Jan 21, 2000 at 01:15:27PM -0600, Tim Yardley wrote: > > As was mentioned in the "advisory/explanation" on the issue, ipfw cannot > deal with the problem due to the fact that it is stateless. > > The attack comes from random ip addresses, therefore throttling like that > only hurts your connection or solves nothing at all. In other words, the > random sourcing and method of the attack, makes a non-stateless firewall > useless. Substitute 'stateless' for 'non-stateless' above. A stateless firewall, like IPFW is the type of firewall that is useless. -- Giorgos To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000122050656.B27571>