Date: Mon, 24 Apr 2000 15:36:22 -0400 (EDT)
From: Bosko Milekic <bmilekic@dsuper.net>
To: stanislav shalunov <shalunov@att.com>
Cc: freebsd-net@FreeBSD.ORG
Subject: Re: netkill - generic remote DoS attack
Message-ID: <Pine.BSF.4.21.0004241530110.20271-100000@jehovah.technokratis.com>
In-Reply-To: <200004241710.NAA44530@tuzik.lz.att.com>
On Mon, 24 Apr 2000, stanislav shalunov wrote:

> (a) stop accepting new connections until old ones time out;
> (b) free some mbuf memory forcibly.
>
> To do (b) properly, we can't just throw away pieces of send queues.
> We must tear down some connections and send an RST to the remote end
> and return ENOBUFS to the application, if any, using them locally.
>
> The solution (a) removes the obvious bug (system panics), but doesn't
> solve the problem. It appears that some variation of (b) must be
> deployed.
>

Well, with regards to (b) -- somewhat -- I have been thinking about a solution for `local' processes swallowing up sockbuf space and, consequently, mbufs. I'm sure you can think of something else to append to that and have similar behavior for remote attacks.

I've had little time to continue working on this right now, mainly due to lack of interest (apart from a few people who offered comments, notably Eivind Eklund) and also, of course, upcoming finals. I'm very willing to continue the work once this is all over, which will hopefully be in approximately 3 weeks.

In the meantime, feel free to look it over yourself, since you've obviously gotten the point:

http://pages.infinit.net/bmilekic/sockclnd/index.html

-Bosko

--
Bosko Milekic * pages.infinit.net/bmilekic/index.html * www.technokratis.com
bmilekic@dsuper.net * bmilekic@technokratis.com * b.milekic@marianopolis.edu

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message