new (?) attack?

Dustin Cross dusty at sandust.com
Tue Feb 26 15:31:29 PST 2002


what problems are you having?  what is your config? What resources are you using?  
I will help in any way I can.  

Dusty

cpaul at telemetrybox.org wrote: 
>
>Dusty,
>
>I am setting up a NetBSD firewall (switching over from NAT/ipfw on a MacOSX 
machine) and am running into some bonehead problems getting ipf to work kosher on a 
one-armed machine.  Any thoughts?
>
>Thanks,
>Charles
>
>On Tue, Feb 26, 2002 at 08:56:18PM +0000, Dustin Cross wrote:
>> This is a cool attack.  I think it would be easy to protect yourself against.  In
>> my firewall (openbsd and IPF) I default block all inbound traffic.  Then I
>> specifically allow traffic to the ports I need (80, 22, 25, etc) and only allow
>> packets with the SYN flag set and not the ACK flag.  Then I keep state of the
>> allowed connections.  Once I let that SYN packet through I let all traffic from
>> that connection through.  But if someone sent me a SYN/ACK packet and I did not
>> already have an open connection with them, my firewall would drop the packet.  
Now
>> I don't run a high traffic site and I don't know how much traffic you can track 
the
>> state of on any given hardware.  Does anyone else have any ideas about this?
>>
>> Dusty
>>
>>
>> Brian Hessee (gasp at runbox.com) wrote:
>> >
>> >this is interesting........and fairly scary...
>> >
>> >http://grc.com/dos/drdos.htm
>> >
>> >
>> >---
>> >You are currently subscribed to luau as: dusty at sandust.com
>> >To unsubscribe send a blank email to $subst('Email.Unsub')
>> >
>>
>> ---
>> You are currently subscribed to luau as: cpaul at telemetrybox.org
>> To unsubscribe send a blank email to $subst('Email.Unsub')
>
>---
>You are currently subscribed to luau as: dusty at sandust.com
>To unsubscribe send a blank email to $subst('Email.Unsub')
>



More information about the LUAU mailing list