Date: Fri, 21 Jan 2000 22:59:12 -0600
From: Brad Guillory <round@baileylink.net>
To: freebsd-security@FreeBSD.ORG
Subject: Re: Some observations on stream.c and streamnt.c
Message-ID: <20000121225912.A5907@baileylink.net>
In-Reply-To: <20000121171759.D56672@baileylink.net>; from round@baileylink.net on Fri, Jan 21, 2000 at 05:17:59PM -0600
References: <Pine.BSF.4.10.10001211649440.4460-100000@tetron02.tetronsoftware.com> <200001212258.OAA64329@apollo.backplane.com> <20000121171759.D56672@baileylink.net>

On Fri, Jan 21, 2000 at 05:17:59PM -0600, I wrote:
> I don't understand how a "script kiddie" is going to garner the bandwidth
> to run an attack into the multi-megabit range. This is not a leveraged
> attack (right?). What kind of packet rate are we talking about to reboot
> a system, I understand that this will depend on the equipment, but I am
> interested in any numbers that would allow me to evaluate the real impact
> that this DOS will have. Most people that have enough bandwidth to launch
> a multi-megabit attack have better things to do than (or is it then) to pick
> on me.

Thanx all,
BMG

Thank you for the responses everyone, it seems that someone even decided
to show me just how vulnerable that I was.

I did not see anyone address approximately what number of pps that we are
talking about to significantly affect a machine? I only have 9 mbit/sec
uplink here so I am wondering if I really have to worry about this. I
imagine that there are several other people out there that are in the same
boat as me.

I am really looking for an order of magnitude here. I think that I heard
Wes say that 1,000 packets per second lagged a machine, and 10,000 packets
per second cause a reboot, but he didn't say what type of machine.

So how big is the smallest ack packet? 20 bytes?

So if I have all my unit conversions correct:

1,000[packets/sec] x 20[bytes/packet] x 10[bit/byte] = 200,000bit/sec
10,000pps = 2,000,000bit/sec

If you are connected via anything bigger than a T1 you have something to
worry about. Does this sound reasonable? Otherwise it is "just" a DOS.

Everything is out of the window if the attacker is on your LAN, but in
that case you probably have bigger issues to deal with.

Thanx,
BMG