At 02:09 PM 1/20/2000 , jamiE rishaw - master e*tard wrote:
>I have a copy of this, which I am not giving out. I will probably
>fire one off to jkh for sanity,
I've been a good boy, so I hope that, er, Sanity doesn't come down the
chimney of any of the systems I administer before there's a patch! ;-)
>but this looks like a really tough one
>to handle.
>
>The program basically fires off *loads* of pkts/sec of ACK at the victim
>host.. random source, blah blah.
>
>The problem is, the kernel already (from my understanding) drops bad ACKs
>pretty quickly. The thing is, tho, that it's kernel bound.. which means
>CPU.. so unless you have tons of extra CPU to spare, this attack will
>take your system to a "pause" until the attacker ceases.
The name "stream.c" makes it sound like a local, not remote, DoS. Does
it have to be done from inside the system to be effective? I would think
that, if it came from the outside, it'd be harder to saturate the
victim.
I can think of ways to filter this by adding some stuff to IPFW.
--Brett
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-stable" in the body of the message
