Manas Garg <mlsat_private> writes:

> Stanislav Shalunov has described it fairly well and following is one
> of the locations where what he wrote can be found:
> http://security-archive.merton.ox.ac.uk/bugtraq-200004/0156.html

This particular archive HTMLizes messages, so it may be inconvenient
to get the code out of there. See http://www.internet2.edu/~shalunov/netkill/

> Solaris (2.8): Well, it silently discarded the old connections to keep the
> number of connections to 450 (approximately). Didn't check the
> RAM and swap on this machine but what matters is that it was
> taking some action to avoid a FIN_WAIT_1 DoS attack.

Solaris 2.8 doing something is good news. However, I don't believe
that throwing away the oldest connections is the best strategy here
(I'd rather throw away random connections, with preference to those
that eat a lot of buffer space).

> 2. Is there a particular reason that this vulnerability still exists
> in these Operating Systems?

Well, it isn't very obvious what to do about it. And breaking the
standard is undesirable. Something has to be done about the spec.
Ad hoc solutions, different for each OS, could easily lead to
unpredictable TCP reliability failures.

--
Stanislav Shalunov http://www.internet2.edu/~shalunov/

Sex is the mathematics urge sublimated. -- M. C. Reed.
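The two eviction policies contrasted in the message above, side by side, as an added example that is not part of the original message or of any operating system's code. The `orphan` record, the `base` weight and every function name are hypothetical, and the sample table is constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical record of a FIN_WAIT_1 socket still holding send-buffer data. */
struct orphan { uint32_t age_s, sndbuf; int live; };

static uint32_t rng = 2463534242u;   /* xorshift32 with a fixed seed */
static uint32_t rnd(void) { rng ^= rng << 13; rng ^= rng >> 17; rng ^= rng << 5; return rng; }

/* Oldest-first, as in the Solaris behaviour quoted above. */
static int pick_oldest(const struct orphan *t, int n) {
    int best = -1;
    for (int i = 0; i < n; i++)
        if (t[i].live && (best < 0 || t[i].age_s > t[best].age_s)) best = i;
    return best;
}

/* Random pick with weight = base + send-buffer bytes held. */
static int pick_weighted(const struct orphan *t, int n, uint32_t base) {
    uint64_t total = 0, r;
    int last = -1;
    for (int i = 0; i < n; i++)
        if (t[i].live) { total += (uint64_t)base + t[i].sndbuf; last = i; }
    if (total == 0) return last;      /* every weight is zero: take any */
    r = rnd() % total;
    for (int i = 0; i < n; i++) {
        uint64_t w = (uint64_t)base + t[i].sndbuf;
        if (!t[i].live) continue;
        if (r < w) return i;
        r -= w;
    }
    return last;                      /* not reached */
}

/* Evict until at most `limit` orphans are live; returns bytes reclaimed. */
uint64_t evict(struct orphan *t, int n, int limit, int weighted, uint32_t base) {
    uint64_t freed = 0;
    int live = 0;
    for (int i = 0; i < n; i++) live += t[i].live != 0;
    for (; live > limit; live--) {
        int i = weighted ? pick_weighted(t, n, base) : pick_oldest(t, n);
        t[i].live = 0;
        freed += t[i].sndbuf;
    }
    return freed;
}

int main(void) {
    struct orphan t[4] = {{900, 512, 1}, {600, 0, 1}, {40, 65536, 1}, {5, 32768, 1}}; /* constructed */
    printf("reclaimed %llu bytes\n", (unsigned long long)evict(t, 4, 2, 1, 1));
    return 0;
}
```

With `base` set to 0 only connections that hold buffer space are ever chosen; a non-zero `base` keeps every orphan eligible while still favouring the large ones.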
This archive was generated by hypermail 2b30 : Tue Jul 24 2001 - 12:32:20 PDT