new (?) attack?
Dustin Cross
dusty at sandust.com
Tue Feb 26 15:31:29 PST 2002
what problems are you having? what is your config? What resources are you using?
I will help in any way I can.
Dusty
cpaul at telemetrybox.org wrote:
>
>Dusty,
>
>I am setting up a NetBSD firewall (switching over from NAT/ipfw on a MacOSX
machine) and am running into some bonehead problems getting ipf to work kosher on a
one-armed machine. Any thoughts?
>
>Thanks,
>Charles
>
>On Tue, Feb 26, 2002 at 08:56:18PM +0000, Dustin Cross wrote:
>> This is a cool attack. I think it would be easy to protect yourself against. In
>> my firewall (openbsd and IPF) I default block all inbound traffic. Then I
>> specifically allow traffic to the ports I need (80, 22, 25, etc) and only allow
>> packets with the SYN flag set and not the ACK flag. Then I keep state of the
>> allowed connections. Once I let that SYN packet through I let all traffic from
>> that connection through. But if someone sent me a SYN/ACK packet and I did not
>> already have an open connection with them, my firewall would drop the packet.
Now
>> I don't run a high traffic site and I don't know how much traffic you can track
the
>> state of on any given hardware. Does anyone else have any ideas about this?
>>
>> Dusty
>>
>>
>> Brian Hessee (gasp at runbox.com) wrote:
>> >
>> >this is interesting........and fairly scary...
>> >
>> >http://grc.com/dos/drdos.htm
>> >
>> >
>> >---
>> >You are currently subscribed to luau as: dusty at sandust.com
>> >To unsubscribe send a blank email to $subst('Email.Unsub')
>> >
>>
>> ---
>> You are currently subscribed to luau as: cpaul at telemetrybox.org
>> To unsubscribe send a blank email to $subst('Email.Unsub')
>
>---
>You are currently subscribed to luau as: dusty at sandust.com
>To unsubscribe send a blank email to $subst('Email.Unsub')
>
More information about the LUAU
mailing list