Bugtraq mailing list archives

Re: explanation and code for stream.c issues


From: yardley () UIUC EDU (Tim Yardley)
Date: Fri, 21 Jan 2000 11:42:24 -0600


At 11:25 AM 1/21/2000, Tim Yardley wrote:
stream.c issues

---------------------------------------------------
:: temp remedy (exec summary)
---------------------------------------------------

If you use ipfilter...

-- start rule set --
block in quick proto tcp from any to any head 100
pass in quick proto tcp from any to any flags S keep state group 100
pass in all
-- end rule set --

That will help you "stop" the attack, although it will still use some CPU.

Note: If you use IPFW, there is no immediate way to solve this problem due
to the fact that it is a stateless firewall.  If you are getting attacked,
then temporarily use ipfilter to stop it.

Otherwise, wait for vendor patches.

FreeBSD "unofficial patch" by Alfred Perlstein:
http://www.freebsd.org/~alfred/tcp_fix.diff

<snip>

-- start stream.c --

<snip>

  packet.tcp.th_flags           = 0;

change this to a little different effect:

packet.tcp.th_flags             = TH_ACK;

<snip>

/tmy

-- Diving into infinity my consciousness expands in inverse
    proportion to my distance from singularity

+--------  -------  ------  -----  ---- --- -- ------ --------+
|  Tim Yardley (yardley () uiuc edu)    
|  http://www.students.uiuc.edu/~yardley/
+--------  -------  ------  -----  ---- --- -- ------ --------+
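
Added example, not part of the original post and not ipfilter's own code: a simplified Python model of how the three quoted rules treat inbound packets, showing why TCP segments that match no tracked connection and are not a bare SYN get dropped. It assumes "flags S" matches a segment with only SYN set and that state is keyed on the address/port 4-tuple; the class, function names and sample addresses are constructed for illustration.

```python
# Simplified model of the three ipfilter rules quoted in the post (added
# example; not ipfilter's code). Assumption: state is keyed on the 4-tuple
# only; real ipfilter also tracks sequence numbers and timeouts.
from collections import namedtuple

Packet = namedtuple("Packet", "proto src sport dst dport flags")
SYN, ACK = 0x02, 0x10


class InboundFilter:
    def __init__(self):
        self.state = set()  # connections admitted by "keep state"

    def check(self, pkt):
        """Return 'pass' or 'block' for one inbound packet."""
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        # The state table is consulted before the rule list.
        if pkt.proto == "tcp" and key in self.state:
            return "pass"
        if pkt.proto == "tcp":
            # block in quick proto tcp ... head 100  (default for group 100)
            verdict = "block"
            # pass in quick proto tcp ... flags S keep state group 100
            if pkt.flags == SYN:  # assumption: only SYN set
                self.state.add(key)
                verdict = "pass"
            return verdict  # "quick": no further rules are evaluated
        # pass in all
        return "pass"


def run_constructed_traffic():
    """Constructed sample traffic using documentation addresses."""
    fw = InboundFilter()
    server = ("192.0.2.10", 80)
    results = []
    # Legitimate client: SYN, then the ACK completing the handshake.
    results.append(fw.check(Packet("tcp", "198.51.100.7", 40000, *server, SYN)))
    results.append(fw.check(Packet("tcp", "198.51.100.7", 40000, *server, ACK)))
    # Stray ACK and flag-less segments with no prior SYN from that source.
    results.append(fw.check(Packet("tcp", "203.0.113.5", 1234, *server, ACK)))
    results.append(fw.check(Packet("tcp", "203.0.113.9", 4321, *server, 0)))
    # Non-TCP traffic falls through to "pass in all".
    results.append(fw.check(Packet("udp", "203.0.113.5", 53, "192.0.2.10", 53, 0)))
    return results, len(fw.state)


if __name__ == "__main__":
    print(run_constructed_traffic())
```

Each blocked segment still costs a state lookup and a rule walk, which is the residual CPU use the post mentions.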

