Re: explanation and code for stream.c issues

From: Giorgos Keramidas (charonat_private)
Date: Fri Jan 21 2000 - 19:06:56 PST

Next message: Frank (sysadmin): "Re: stream.c - new FreeBSD exploit?"

Previous message: Erik Fichtner: "Re: explanation and code for stream.c issues"
Maybe in reply to: Tim Yardley: "explanation and code for stream.c issues"
Next in thread: Vladimir Dubrovin: "Re: explanation and code for stream.c issues"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, Jan 21, 2000 at 01:15:27PM -0600, Tim Yardley wrote:
>
> As was mentioned in the "advisory/explanation" on the issue, ipfw cannot
> deal with the problem due to the fact that it is stateless.
>
> The attack comes from random ip addresses, therefore throttling like that
> only hurts your connection or solves nothing at all.  In other words, the
> random sourcing and method of the attack, makes a non-stateless firewall
> useless.

Substitute 'stateless' for 'non-stateless' above.  A stateless firewall, like
IPFW is the type of firewall that is useless.

-- Giorgos

Next message: Frank (sysadmin): "Re: stream.c - new FreeBSD exploit?"
Previous message: Erik Fichtner: "Re: explanation and code for stream.c issues"
Maybe in reply to: Tim Yardley: "explanation and code for stream.c issues"
Next in thread: Vladimir Dubrovin: "Re: explanation and code for stream.c issues"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:29:53 PDT