Bugtraq mailing list archives
Re: Excellent host SYN-attack fix for BSD hosts
From: jaw () Op Net (Jeff Weisberg)
Date: Mon, 14 Oct 1996 13:43:09 -0400
"Charles M. Hannum" <mycroft () mit edu> commented:
| Avi Freedman <freedman () netaxs com> writes:
| > No state is kept locally; when a SYN is received, an ISS is generated that
| > contains a few bits for reference into a table of MSS values; window size
| > and any initial data is discarded; and the rest of the ISS is the MD5 output
| > of a 32-byte secret and all of the interesting header info.
|
| This doesn't seem to deal with window scaling, which is a big lose on
| high-bandwidth networks.

no, it does not handle window scaling. The code was written for SunOS,
which does not support window scaling. This would be fairly simple to
add for hosts which support it.

also, my code has hooks for dynamically deciding whether or not we
save state or not.

| It also breaks TCP's algorithm for
| recognizing stale data.

how so?

I admit that in writing the code, I was far more concerned with
stopping the attack we were under, than I was in any theoretical
reliability concerns, but the way we generate the iss (which I cannot
take credit for), we will not get values that are slightly less than a
previous one for a given set of {saddr,sport, daddr,dport}
which should suffice for the above concern.

        --jeff
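An added example, not part of the original message and not the code discussed in the thread: a minimal Python sketch of the stateless ISS scheme quoted above, where a few high bits index an MSS table and the remaining bits are a truncated MD5 over a 32-byte secret and the header fields. The table values, the 2/30 bit split, the exact fields hashed and the function names are assumptions made for illustration.

```python
import hashlib
import socket
import struct

MSS_TABLE = (536, 1024, 1460, 4312)  # assumed values; the post gives none
IDX_BITS = 2                         # assumed: top 2 bits of the ISS index the table
MAC_BITS = 32 - IDX_BITS
MAC_MASK = (1 << MAC_BITS) - 1


def _mac(secret, saddr, sport, daddr, dport, client_isn, idx):
    """Truncated MD5 over the secret and the header fields (field choice assumed)."""
    fields = socket.inet_aton(saddr) + socket.inet_aton(daddr)
    # The MSS index is hashed too, so the index bits cannot be altered unnoticed.
    fields += struct.pack("!HHIB", sport, dport, client_isn, idx)
    digest = hashlib.md5(secret + fields).digest()
    return struct.unpack("!I", digest[:4])[0] & MAC_MASK


def make_iss(secret, saddr, sport, daddr, dport, client_isn, client_mss):
    """ISS for the SYN-ACK; nothing about the SYN is stored."""
    # Largest table entry that does not exceed the MSS the client offered.
    idx = max((i for i, m in enumerate(MSS_TABLE) if m <= client_mss), default=0)
    mac = _mac(secret, saddr, sport, daddr, dport, client_isn, idx)
    return (idx << MAC_BITS) | mac


def check_ack(secret, saddr, sport, daddr, dport, seq, ack):
    """Return the MSS if this ACK answers an ISS we issued, else None."""
    iss = (ack - 1) & 0xFFFFFFFF         # client acknowledges ISS + 1
    client_isn = (seq - 1) & 0xFFFFFFFF  # client's SYN consumed one sequence number
    idx = iss >> MAC_BITS
    expected = _mac(secret, saddr, sport, daddr, dport, client_isn, idx)
    if iss & MAC_MASK != expected:
        return None
    return MSS_TABLE[idx]
```

Only the MSS survives the round trip in this sketch; window size, window scaling and any data on the SYN are not recoverable from the ACK, which is the limitation raised in the quoted reply. The sketch also has no time component, so an ISS stays valid for its 4-tuple until the secret changes.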