Bugtraq mailing list archives
Re: Excellent host SYN-attack fix for BSD hosts
From: freedman () netaxs com (Avi Freedman)
Date: Sat, 12 Oct 1996 21:45:31 -0400
Sorry that I got you so worked up - but realize to those who are religiously anti-Solaris (for whatever the reason, but let's say the top 2 are "why should I change the keys my fingers are used to hitting" and "gee, am I glad I didn't go through the years of horrid, buggy, and slow releases"). And the tone of the announcement was fairly off-putting to those who do prefer to use SunOS. Anyway, many of those will probably migrate to NetBSD or other variants and won't be troubling Sun any more in a few years... And we'll tell people (especially in the ISP and networking community) about nice patches and will provide community support for them...
Hopefully Sun will incorporate this into their security announcement, which basically says you're screwed if you run SunOS, though it does describe how to increase the queue and decrease the SYN-holding timeout (if you have source...
Incorporating it or endorsing it would be problematical for a couple of reasons. Let me state them, then if anybody wants to give me public or private feedback I'd be delighted.
I understand all of your stated reasons. What I expressed was a hope. Obviously that hope is baseless. That's OK, I'm a big boy :) Physically as well as emotionally.
Sorry to go on so long. I guess the good news is that you're getting the answer straight from the horse's mouth, with the bark off and (pretty much) to the point. If anybody can change my mind, I can probably get Avi's suggestion put into practice. Now at least you know we considered this kind of action carefully, and know the most important reasons we rejected it.
We'll probably post source diffs as well and anyone with SunOS source (you, perhaps :) ) can take a look and decide for yourselves how messy or interesting it would be to incorporate the changes.
I know that this space is not really the place for discussion, but I figured if one person could post my work here and the other could make a (thoughtful) suggestion about it, it wouldn't
Thanks for realizing it was a thoughtful and only slightly pissed-off suggestion...
be out of place for me to respond. I do suggest we take this discussion off line now, though. (And I would appreciate it if this note didn't appear in places I don't choose to put it, as only a few of my other explanations have. Thanks.) -mg-
Avi