[13501] in bugtraq
Re: explanation and code for stream.c issues
daemon@ATHENA.MIT.EDU (Giorgos Keramidas)
Sun Jan 23 17:11:52 2000
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Message-Id: <20000122050656.B27571@hades.hell.gr>
Date: Sat, 22 Jan 2000 05:06:56 +0200
Reply-To: keramida@ceid.upatras.gr
From: Giorgos Keramidas <charon@HADES.HELL.GR>
X-To: Tim Yardley <yardley@uiuc.edu>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <4.2.0.58.20000121131202.0135ef10@students.uiuc.edu>
On Fri, Jan 21, 2000 at 01:15:27PM -0600, Tim Yardley wrote:
>
> As was mentioned in the "advisory/explanation" on the issue, ipfw cannot
> deal with the problem due to the fact that it is stateless.
>
> The attack comes from random ip addresses, therefore throttling like that
> only hurts your connection or solves nothing at all. In other words, the
> random sourcing and method of the attack, makes a non-stateless firewall
> useless.
Substitute 'stateless' for 'non-stateless' above. A stateless firewall, like
IPFW is the type of firewall that is useless.
-- Giorgos
