Re: explanation and code for stream.c issues

From: Tim Yardley (yardleyat_private)
Date: Fri Jan 21 2000 - 09:42:24 PST


    At 11:25 AM 1/21/2000, Tim Yardley wrote:
    >stream.c issues
    >
    >---------------------------------------------------
    >:: temp remedy (exec summary)
    >---------------------------------------------------
    >
    >If you use ipfilter...
    >
    >-- start rule set --
    >block in quick proto tcp from any to any head 100
    >pass in quick proto tcp from any to any flags S keep state group 100
    >pass in all
    >-- end rule set --
    >
    >That will help you "stop" the attack, although it will still use some CPU.
    >
    >Note: If you use IPFW, there is no immediate way to solve this problem due
    >to the fact that it is a stateless firewall.  If you are getting attacked,
    >then temporarily use ipfilter to stop it.
    >
    >Otherwise, wait for vendor patches.
    >
    >FreeBSD "unofficial patch" by Alfred Perlstein:
    >http://www.freebsd.org/~alfred/tcp_fix.diff
    
    <snip>
    
    >-- start stream.c --
    
    <snip>
    
    >   packet.tcp.th_flags           = 0;
    
    change this to a little different effect:
    
    packet.tcp.th_flags             = TH_ACK;
    
    <snip>
    
    /tmy
    
    
    -- Diving into infinity my consciousness expands in inverse
        proportion to my distance from singularity
    
    +--------  -------  ------  -----  ---- --- -- ------ --------+
    |  Tim Yardley (yardleyat_private)	
    |  http://www.students.uiuc.edu/~yardley/
    +--------  -------  ------  -----  ---- --- -- ------ --------+
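
The effect of the quoted ipfilter rule set on the two packet variants discussed above (th_flags of 0 and TH_ACK), as an added example that is not part of the original message: a simplified Python model of the three rules run over constructed packets. The names StatefulFilter and run_sample are hypothetical, the addresses are documentation ranges, and real ipfilter state tracking does more than match the 4-tuple.

```python
from collections import namedtuple

SYN, ACK = 0x02, 0x10
FLAG_MASK = 0x3F  # FIN, SYN, RST, PSH, ACK, URG

Packet = namedtuple("Packet", "proto src sport dst dport flags")


class StatefulFilter:
    """Toy model of the three quoted rules; not ipfilter's real state engine."""

    def __init__(self):
        self.states = set()  # 4-tuples of flows opened by a clean SYN

    def check_inbound(self, pkt):
        flow = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        # "keep state": packets of an already tracked flow bypass the rules.
        if pkt.proto == "tcp" and flow in self.states:
            return "pass-state"
        if pkt.proto == "tcp":
            # Group 100: only a SYN-only segment passes and creates state
            # (assumption: bare "flags S" means SYN with no other flag set).
            if pkt.flags & FLAG_MASK == SYN:
                self.states.add(flow)
                return "pass-new"
            # Head rule: block in quick proto tcp from any to any head 100
            return "block"
        return "pass"  # pass in all


def run_sample():
    """Feed constructed traffic through the model; return verdicts and state count."""
    fw = StatefulFilter()
    server = "192.0.2.10"
    traffic = [
        Packet("tcp", "198.51.100.7", 40000, server, 80, SYN),  # client opens flow
        Packet("tcp", "198.51.100.7", 40000, server, 80, ACK),  # same flow, has state
        Packet("tcp", "203.0.113.5", 1234, server, 80, ACK),    # ACK with no state
        Packet("tcp", "203.0.113.9", 4321, server, 80, 0),      # no flags, no state
        Packet("udp", "198.51.100.7", 5353, server, 53, 0),     # non-TCP traffic
    ]
    return [fw.check_inbound(p) for p in traffic], len(fw.states)


if __name__ == "__main__":
    print(run_sample())
```

Stateless segments are dropped at the filter without creating state, which is why the rule set limits the attack's effect while still costing some CPU per packet.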
    


