nanog mailing list archives
Re: New form of packet attack named Stream
From: "Damon M. Conway" <damon () chiba 3jane net>
Date: Fri, 21 Jan 2000 14:20:39 -0600
Pat Myrto wrote:
> Alex P. Rudnev has declared that:
>
> > > e-mail me asking for the code.
> >
> > Actually, you provided enough details, so any unix guy who knows his sockets can write the program in fifteen minutes. This type of attack was known for a long time (and there are even nastier variations using TCP header bits and fragments), and, unfortunately, there's no good defense against it.
> >
> > There is one base rule - you (OS) MUST limit resources (CPU, MEMORY, buffers, sockets, etc.) caught by any SINGLE origin (IP address, program, service). Such an approach breaks just about any DoS attack except a few - for example, if you try to exhaust memory attacking a single service, then (1) the service can't catch all memory because it's a SINGLE origin, and (2) one SRC address can't catch many resources because it's a SINGLE origin, and (3) you can't generate too many different addresses in case of reverse-filtering.
>
> Any ideas/suggestions for hacks to the kernel, etc. (i.e., FreeBSD, Linux, etc.) to impose such limits (configurable by admin, preferably)? Especially in the CPU usage and memory areas (perhaps sockets/handles, too).
from freebsd-current yesterday:

Subject: half-fix for stream.c
http://www.freebsd.org/~alfred/tcp_fix.diff

damon
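The per-origin rule Alex states above (no single origin may consume more than a bounded share of a pooled resource) is easy to see in a small model. The following is an added example, not code from any poster or from the FreeBSD diff: a limiter with a global pool and a per-origin cap, plus a constructed flood scenario with made-up addresses. It assumes origins are already trustworthy, i.e. that reverse-path filtering keeps one attacker from appearing as arbitrarily many source addresses (point (3) in the post).

```python
class OriginLimiter:
    """Per-origin resource accounting (constructed example).

    Every origin (a source IP, a service name, a program) may hold at most
    per_origin_cap units of a pooled resource (sockets, buffers, memory),
    and all origins together may not exceed total. A single origin can
    therefore never exhaust the pool on its own.
    """

    def __init__(self, total, per_origin_cap):
        if per_origin_cap > total:
            raise ValueError("per-origin cap cannot exceed the pool size")
        self.total = total
        self.per_origin_cap = per_origin_cap
        self.in_use = 0          # units currently charged across all origins
        self.held = {}           # origin -> units currently charged to it

    def acquire(self, origin, units=1):
        """Charge units to origin; return False if either limit would be exceeded."""
        if self.held.get(origin, 0) + units > self.per_origin_cap:
            return False                      # this origin is at its own cap
        if self.in_use + units > self.total:
            return False                      # the shared pool is full
        self.held[origin] = self.held.get(origin, 0) + units
        self.in_use += units
        return True

    def release(self, origin, units=1):
        """Return units held by origin to the pool (never below zero)."""
        units = min(units, self.held.get(origin, 0))
        self.in_use -= units
        if self.held.get(origin, 0) - units > 0:
            self.held[origin] -= units
        else:
            self.held.pop(origin, None)


def simulate_flood(limiter, attacker, clients, flood_size):
    """Constructed scenario: one origin requests flood_size units, then each
    ordinary client requests one. Returns (units the attacker holds,
    number of clients that were still served)."""
    for _ in range(flood_size):
        limiter.acquire(attacker)
    served = sum(1 for c in clients if limiter.acquire(c))
    return limiter.held.get(attacker, 0), served
```

With a per-origin cap the flooding address is pinned at its share and the remaining clients get through; with the cap set equal to the pool (no per-origin limit) the same flood takes everything and every other client is refused.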