[13468] in bugtraq
Re: explanation and code for stream.c issues
daemon@ATHENA.MIT.EDU (Tim Yardley)
Fri Jan 21 14:31:40 2000
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Message-Id: <4.2.0.58.20000121113943.012a8f10@students.uiuc.edu>
Date: Fri, 21 Jan 2000 11:42:24 -0600
Reply-To: Tim Yardley <yardley@UIUC.EDU>
From: Tim Yardley <yardley@UIUC.EDU>
X-To: news@technotronic.com, bugtraq@securityfocus.com,
freebsd-security@FreeBSD.ORG
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <4.2.0.58.20000121112253.012a8f10@students.uiuc.edu>
At 11:25 AM 1/21/2000, Tim Yardley wrote:
>stream.c issues
>
>---------------------------------------------------
>:: temp remedy (exec summary)
>---------------------------------------------------
>
>If you use ipfilter...
>
>-- start rule set --
>block in quick proto tcp from any to any head 100
>pass in quick proto tcp from any to any flags S keep state group 100
>pass in all
>-- end rule set --
>
>That will help you "stop" the attack, although it will still use some CPU.
>
>Note: If you use IPFW, there is no immediate way to solve this problem due
>to the fact that it is a stateless firewall. If you are getting attacked,
>then temporarily use ipfilter to stop it.
>
>Otherwise, wait for vendor patches.
>
>FreeBSD "unofficial patch" by Alfred Perlstein:
>http://www.freebsd.org/~alfred/tcp_fix.diff
<snip>
>-- start stream.c --
<snip>
> packet.tcp.th_flags = 0;
change this to a little different effect:
packet.tcp.th_flags = TH_ACK;
<snip>
/tmy
-- Diving into infinity my consciousness expands in inverse
proportion to my distance from singularity
+-------- ------- ------ ----- ---- --- -- ------ --------+
| Tim Yardley (yardley@uiuc.edu)
| http://www.students.uiuc.edu/~yardley/
+-------- ------- ------ ----- ---- --- -- ------ --------+
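
The following is an added example, not part of the original post or of ipfilter: a simplified Python model of how the quoted rule set treats inbound TCP segments, showing why a segment with no flags or a bare ACK is blocked unless a SYN created state first. The class and function names are hypothetical, the sample segments are constructed, and it assumes "flags S" matches a segment whose only flag is SYN.

```python
# Added example: simplified model of the quoted ipfilter rule set.
# Assumption: "flags S" matches a segment whose only TCP flag is SYN.
SYN, ACK = 0x02, 0x10


class StatefulFilter:  # hypothetical name, not an ipfilter API
    def __init__(self):
        self.states = set()  # tracked connections

    @staticmethod
    def _key(src, sport, dst, dport):
        # Direction-independent key so both directions hit one entry.
        return frozenset([(src, sport), (dst, dport)])

    def inbound_tcp(self, src, sport, dst, dport, flags):
        key = self._key(src, sport, dst, dport)
        if key in self.states:
            return "pass (state)"      # part of a connection opened by a SYN
        if flags == SYN:
            self.states.add(key)       # "flags S keep state group 100"
            return "pass (new state)"
        return "block"                 # "block in quick proto tcp ... head 100"


def demo():
    fw = StatefulFilter()
    server = ("203.0.113.10", 80)
    # Constructed sample segments (documentation address ranges).
    segments = [
        ("198.51.100.7", 40001, 0),    # no flags, no prior SYN
        ("198.51.100.8", 40002, ACK),  # bare ACK, no prior SYN
        ("192.0.2.25", 51000, SYN),    # legitimate connection attempt
        ("192.0.2.25", 51000, ACK),    # follow-up on the tracked connection
    ]
    return [fw.inbound_tcp(s, p, *server, f) for s, p, f in segments]


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

The model ignores state timeouts and any per-connection checks a real state table performs; it only illustrates the order of decisions in the rule set.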