new (?) attack?
cpaul at telemetrybox.org
Tue Feb 26 13:36:41 PST 2002
Dusty,
I am setting up a NetBSD firewall (switching over from NAT/ipfw on a Mac OS X machine) and am running into some bonehead problems getting ipf to work kosher on a one-armed machine. Any thoughts?
Thanks,
Charles
On Tue, Feb 26, 2002 at 08:56:18PM +0000, Dustin Cross wrote:
> This is a cool attack. I think it would be easy to protect yourself against. In
> my firewall (openbsd and IPF) I default block all inbound traffic. Then I
> specifically allow traffic to the ports I need (80, 22, 25, etc) and only allow
> packets with the SYN flag set and not the ACK flag. Then I keep state of the
> allowed connections. Once I let that SYN packet through I let all traffic from
> that connection through. But if someone sent me a SYN/ACK packet and I did not
> already have an open connection with them, my firewall would drop the packet. Now
> I don't run a high traffic site and I don't know how much traffic you can track the
> state of on any given hardware. Does anyone else have any ideas about this?
>
> Dusty
>
>
> Brian Hessee (gasp at runbox.com) wrote:
> >
> >this is interesting........and fairly scary...
> >
> >http://grc.com/dos/drdos.htm
> >
> >
> >---
> >You are currently subscribed to luau as: dusty at sandust.com
> >To unsubscribe send a blank email to $subst('Email.Unsub')
> >
>
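Dusty's policy above (default-deny inbound, pass only SYN-without-ACK to the service ports, keep state on what gets through) as an added example; this is not code from the thread or from any of its authors. The IPF rules in the docstring and the Python model are my illustration: the interface name fxp0, the port list 22/25/80 and the toy state-table limit are assumptions. The constructed packet trace shows why a SYN/ACK reflected at the firewall by a DRDoS is dropped while the SYN/ACK answering the firewall's own outbound SYN is passed.

```python
"""Model of a stateful SYN-only inbound policy (added example, not from the thread).

IPF rules equivalent to the policy described (illustrative; fxp0 and the
port list are assumptions):

    block in all
    pass in quick on fxp0 proto tcp from any to any port = 22 flags S/SA keep state
    pass in quick on fxp0 proto tcp from any to any port = 25 flags S/SA keep state
    pass in quick on fxp0 proto tcp from any to any port = 80 flags S/SA keep state
    pass out quick on fxp0 proto tcp from any to any flags S/SA keep state

"flags S/SA" examines the SYN and ACK bits and matches only when SYN is set
and ACK is clear.  A reflected SYN/ACK therefore matches no pass rule and,
having no state entry, falls through to "block in all".
"""
from dataclasses import dataclass

ALLOWED_PORTS = {22, 25, 80}          # assumption: the services Dusty lists
LOCAL = "192.0.2.1"                   # constructed firewall address


@dataclass(frozen=True)
class Packet:
    direction: str   # "in" or "out" relative to the firewall
    src: str
    sport: int
    dst: str
    dport: int
    flags: str       # subset of "SA": "S" = SYN only, "SA" = SYN/ACK, "A" = ACK


class StatefulFilter:
    """Tracks connections as (local_ip, local_port, remote_ip, remote_port)."""

    def __init__(self, max_states=1000):
        self.states = set()
        self.max_states = max_states   # toy limit to illustrate state-table size

    @staticmethod
    def _key(pkt):
        if pkt.direction == "in":
            return (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        return (pkt.src, pkt.sport, pkt.dst, pkt.dport)

    def _track(self, key):
        # Simplification: refuse new state when the table is full.  Real ipf
        # behaviour under table exhaustion is not modelled here.
        if len(self.states) >= self.max_states:
            return "block"
        self.states.add(key)
        return "pass"

    def filter(self, pkt):
        key = self._key(pkt)
        if key in self.states:
            return "pass"                      # belongs to a tracked connection
        syn_only = "S" in pkt.flags and "A" not in pkt.flags
        if pkt.direction == "in":
            if syn_only and pkt.dport in ALLOWED_PORTS:
                return self._track(key)        # new inbound connection to a service
            return "block"                     # default deny, including unsolicited SYN/ACK
        if syn_only:
            return self._track(key)            # our own outbound SYN creates state
        return "pass"                          # no inbound rule restricts other outbound traffic


def run_demo():
    """Constructed trace: a normal inbound connection, a reflected SYN/ACK
    (DRDoS), a probe of a closed port, and an outbound connection."""
    fw = StatefulFilter()
    trace = [
        Packet("in",  "203.0.113.5",  40000, LOCAL,          80,    "S"),   # client SYN to web
        Packet("out", LOCAL,          80,    "203.0.113.5",  40000, "SA"),  # our SYN/ACK reply
        Packet("in",  "203.0.113.5",  40000, LOCAL,          80,    "A"),   # handshake completes
        Packet("in",  "198.51.100.9", 80,    LOCAL,          1234,  "SA"),  # reflected SYN/ACK, no state
        Packet("in",  "203.0.113.7",  41000, LOCAL,          23,    "S"),   # SYN to a port we don't serve
        Packet("out", LOCAL,          50000, "198.51.100.9", 80,    "S"),   # our outbound SYN
        Packet("in",  "198.51.100.9", 80,    LOCAL,          50000, "SA"),  # same reflector, but expected
    ]
    return [fw.filter(p) for p in trace]


def demo_state_exhaustion():
    """With room for one tracked connection, a second legitimate SYN is refused."""
    fw = StatefulFilter(max_states=1)
    first = Packet("in", "203.0.113.5", 40000, LOCAL, 80, "S")
    second = Packet("in", "203.0.113.6", 40001, LOCAL, 80, "S")
    return [fw.filter(first), fw.filter(second)]


if __name__ == "__main__":
    for verdict in run_demo():
        print(verdict)
    print(demo_state_exhaustion())
```

The model deliberately ignores state timeouts and FIN/RST teardown; the fixed table size exists only to make Dusty's question concrete: every accepted SYN occupies a state slot until it is reaped, so the number of slots and the timeout, not the SYN-only rule itself, bound how much legitimate traffic the box can keep track of.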