ipfw workaround for syn-loop attack, FreeBSD 2.2.5-STABLE

From: Robert Watson (robertat_private)
Date: Thu Nov 20 1997 - 15:15:22 PST

    Adding a rule for the interface denying packets from oneself appears to
    defend against the new attack.
    
    This rule worked:
    
    03001 deny ip from 128.2.91.57 to 128.2.91.57 via ed0
    
    Where 128.2.91.57 is the host's IP address on device ed0.
    
    This presumably works on other versions of FreeBSD, and other systems with
    ipfw/ipfirewall installed on them.  As always, if you are not familiar
    with ipfw and don't know how it works, don't use this unless you are on
    the console the first time!
    
    Adding this to rc.firewall on FreeBSD is also a good idea.  Multi-homed
    hosts require one entry per device, needless to say.
    
      Robert N Watson
    
    Junior, Logic+Computation, Carnegie Mellon University  http://www.cmu.edu/
    Network Administrator, SafePort Network Services  http://www.safeport.com/
    robertat_private rwatsonat_private http://www.watson.org/~robert/
    
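    The rule above matches a packet whose source and destination are both the host's own address on the interface it arrives on, which is exactly the shape of the packet described in the post. The script below is an added example, not part of Robert Watson's message or of FreeBSD's rc.firewall: it reads BSD-style `ifconfig -a` output, skips lo0 (a host legitimately talks to itself over loopback), and prints one `ipfw add ... deny ip from A to A via IF` command per interface address, numbered from a base so the rules sit together. It goes slightly beyond the post by emitting one rule per (interface, address) pair, which also covers aliases on a single device. The interface names and addresses in the sample ifconfig text are constructed for the example; only 128.2.91.57 on ed0 comes from the post. It prints the commands rather than running them, so the rules can be reviewed on the console before being fed to sh.

```shell
#!/bin/sh
# Added example: generate per-interface ipfw "deny ip from <self> to <self>"
# rules in the form recommended in the post. Nothing here is executed against
# the live firewall; the output is meant to be reviewed and then piped to sh.

# self_deny_rule NUM IF ADDR
# Print one ipfw command denying packets from ADDR to ADDR via interface IF.
# %05d gives the five-digit rule number that "ipfw list" shows (03001, ...).
self_deny_rule() {
    printf 'ipfw add %05d deny ip from %s to %s via %s\n' "$1" "$3" "$3" "$2"
}

# pairs_from_ifconfig
# Read BSD-style "ifconfig -a" output on stdin and print "<if> <addr>" per
# inet address. Interface header lines start in column 0 ("ed0: flags=...");
# address lines are indented ("        inet 128.2.91.57 netmask ...").
# lo0 is skipped: 127.0.0.1 -> 127.0.0.1 is normal local traffic.
pairs_from_ifconfig() {
    awk '
        /^[a-z]/                        { split($1, f, ":"); ifname = f[1] }
        $1 == "inet" && ifname != "lo0" { print ifname, $2 }
    '
}

# rules_from_ifconfig BASE
# Combine the two steps: one rule per (interface, address) pair read from
# stdin, numbered BASE, BASE+1, ... so the block is easy to list and delete.
rules_from_ifconfig() {
    n=$1
    pairs_from_ifconfig | while read -r ifname addr; do
        self_deny_rule "$n" "$ifname" "$addr"
        n=$((n + 1))
    done
}

# Constructed sample ifconfig output for a two-interface host (ed1 and the
# 192.168.1.1 address are invented; ed0/128.2.91.57 is the host in the post).
SAMPLE_IFCONFIG='ed0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 128.2.91.57 netmask 0xffffff00 broadcast 128.2.91.255
        ether 00:00:c0:12:34:56
ed1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
        inet 127.0.0.1 netmask 0xff000000'

# Dry run against the sample. On a real FreeBSD host you would instead use:
#   ifconfig -a | rules_from_ifconfig 3001          # review first,
#   ifconfig -a | rules_from_ifconfig 3001 | sh     # then apply from the console
printf '%s\n' "$SAMPLE_IFCONFIG" | rules_from_ifconfig 3001
```

    The base rule number is a parameter because it must be chosen to land before any rule in the existing set that would already accept the packet (ipfw evaluates rules in ascending order and stops at the first match); 3001 mirrors the post's 03001 but is otherwise arbitrary.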
    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:32:21 PDT