woodsat_private (Greg A. Woods) writes:

> [ On , July 24, 2001 at 15:05:10 (-0400), stanislav shalunov wrote: ]
> > (I'd rather throw away random connections, with preference to those
> > that eat a lot of buffer space).
>
> That seems illogical given the nature of the problem.

[Suggestions on how to make changes to the kernel to make a particular
netkill script ineffective snipped.]

It's a solution to the wrong problem. You assume a very specific scenario
and then proceed to state that attackers won't even change it to the extent
of sending another packet per connection. Can you somehow substantiate this
statement? What exactly will prevent them from adding a dozen more lines to
netkill? You must have a very optimistic threat model.

Your scenario also assumes that it'll necessarily be new FIN_WAIT_1
connections that eat the buffer space, instead of addressing a general
problem: what do you do when your finite buffer space is exhausted while
the TCP spec tells you you need to maintain yet more state?

At any rate, BUGTRAQ isn't the place to solve this general problem.
Tsvwg might be...

-- 
Stanislav Shalunov              http://www.internet2.edu/~shalunov/
Letters in this message are closer than they appear.
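The two policies argued about above, as an added illustration that is not code from this thread, from netkill, or from any real TCP stack: a toy model of socket-buffer accounting in which a narrow rule (evict only FIN_WAIT_1 connections) is compared with the general rule Shalunov proposes (evict random connections, weighted toward those pinning the most buffer space, whatever their TCP state). The `struct conn` layout, the byte counts and the helper names are all assumptions made for this example; the scenario is constructed so that the attacker simply never closes its sockets.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Toy model of per-connection kernel socket-buffer accounting (assumed
 * layout; not code from BSD, Linux or netkill). */
enum tcp_state { TCP_ESTABLISHED = 0, TCP_FIN_WAIT_1 = 1 };

struct conn {
    int id;
    enum tcp_state state;
    size_t bufbytes;  /* socket-buffer bytes this connection pins */
    int alive;        /* cleared once the connection is evicted */
};

/* xorshift64: deterministic PRNG so runs are reproducible offline. */
static uint64_t rng_state = 0x9E3779B97F4A7C15ULL;
static uint64_t rng_next(void) {
    uint64_t x = rng_state;
    x ^= x << 13; x ^= x >> 7; x ^= x << 17;
    return rng_state = x;
}

/* Narrow policy (the one criticised): evict FIN_WAIT_1 connections only.
 * Returns bytes freed; frees nothing once the attacker keeps its sockets
 * ESTABLISHED instead of closing them. */
size_t evict_fin_wait_1_only(struct conn *c, int n, size_t need) {
    size_t freed = 0;
    for (int i = 0; i < n && freed < need; i++) {
        if (c[i].alive && c[i].state == TCP_FIN_WAIT_1) {
            freed += c[i].bufbytes;
            c[i].alive = 0;
        }
    }
    return freed;
}

/* Random live victim, chosen with probability proportional to the buffer
 * space it pins; -1 when nothing evictable is left. */
int pick_victim(const struct conn *c, int n) {
    size_t total = 0;
    for (int i = 0; i < n; i++) if (c[i].alive) total += c[i].bufbytes;
    if (total == 0) return -1;
    size_t r = (size_t)(rng_next() % total);
    for (int i = 0; i < n; i++) {
        if (!c[i].alive) continue;
        if (r < c[i].bufbytes) return i;
        r -= c[i].bufbytes;
    }
    return -1;
}

/* General policy: `need` bytes are required, only `avail` are free, so
 * evict weighted-random victims regardless of TCP state until the
 * shortfall is covered. Returns bytes freed. */
size_t relieve_pressure(struct conn *c, int n, size_t need, size_t avail) {
    size_t freed = 0;
    while (avail + freed < need) {
        int v = pick_victim(c, n);
        if (v < 0) break;  /* buffer pool genuinely empty of victims */
        freed += c[v].bufbytes;
        c[v].alive = 0;
    }
    return freed;
}

/* Constructed scenario: two fat attacker connections left ESTABLISHED
 * (never closed into FIN_WAIT_1) among three small legitimate ones. */
#define NCONN 5
static void build_scenario(struct conn *c) {
    struct conn init[NCONN] = {
        {1, TCP_ESTABLISHED,  1000, 1},
        {2, TCP_ESTABLISHED, 64000, 1},
        {3, TCP_ESTABLISHED,  2000, 1},
        {4, TCP_ESTABLISHED, 64000, 1},
        {5, TCP_ESTABLISHED,   500, 1},
    };
    for (int i = 0; i < NCONN; i++) c[i] = init[i];
}

size_t demo_narrow_freed(void) {
    struct conn c[NCONN];
    build_scenario(c);
    return evict_fin_wait_1_only(c, NCONN, 100000);
}

size_t demo_general_freed(void) {
    struct conn c[NCONN];
    build_scenario(c);
    return relieve_pressure(c, NCONN, 100000, 0);
}

/* 1 if covering a 100000-byte shortfall evicted both fat connections
 * (the only way to reach 100000 here, whatever the random draws). */
int demo_general_evicts_both_fat(void) {
    struct conn c[NCONN];
    build_scenario(c);
    size_t freed = relieve_pressure(c, NCONN, 100000, 0);
    return freed >= 100000 && !c[1].alive && !c[3].alive;
}

int main(void) {
    printf("narrow policy freed:  %zu bytes\n", demo_narrow_freed());
    printf("general policy freed: %zu bytes\n", demo_general_freed());
    return 0;
}
```

The point the simulation makes is the one in the message: a rule keyed to one TCP state is defeated by an attacker who changes one line and stops closing sockets, while a rule keyed to buffer consumption keeps working because the thing it targets is the resource actually being exhausted. A real stack would have to bound the work in `pick_victim` (it is linear in the connection table here) and protect the table with the appropriate lock.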
This archive was generated by hypermail 2b30 : Thu Jul 26 2001 - 14:42:56 PDT