On Wed, Jul 23, 2003 at 01:36:13AM -0300, Alejandro G. Belluscio wrote: > I just wonder if some hash attack could be used against the state > matching code without flags, like the recens DNS attack. > http://www.cs.rice.edu/~scrosby/hash/
hmm. the paper mentions squid, and it seems to be of a very low-risk factor, but it makes me wonder if this at-all fits into the FIN flood thing i mentioned on-list back a bit ago... ( or maybe at misc@ ) which does only happen to me when the 3.3-current NAT/firewalling gateway is doing rdr on $int_if from <LAN> to any port www -> lo0 port squid and said gateway is also running squid ( duplicated with 2.5STABLE3p1 ) *in transparent mode*. if i'm not running transparent and doing redirection, the FIN flood doesn't happen... and, fwiw, it takes the gateway *down*, hardcore, in despite of being a p3/450 with fxp NIC vs. the k6-2/500 with dc NIC. -- [ openbsd 3.3 current/GENERIC ( jul 21 ) // i386 ]
