Bugtraq mailing list archives

Re: Excellent host SYN-attack fix for BSD hosts


From: jaw () Op Net (Jeff Weisberg)
Date: Tue, 15 Oct 1996 18:33:05 -0400


Steve Kann <stevek () io360 com> writes:
| 3 days of letting a program rip doesn't seem like much price to pay for
| being able to subvert a packet filter rule.  This is what has scared me
| about this solution from the outset.  Am I missing something, or are we
| setting ourselves up to exchange a DOS condition for something worse?

well, if someone is going to spend a weekend randomly guessing at 32-bit
numbers, there are other attacks they could go for that are not going to
fill someone's screen/logfiles with 100 "verify failed, dropping" every
second (which would (hopefully) be noticed).



        --jeff


