[3441] in bugtraq
Re: Excellent host SYN-attack fix for BSD hosts
daemon@ATHENA.MIT.EDU (Avi Freedman)
Sun Oct 13 00:30:31 1996
Date: Sat, 12 Oct 1996 21:45:31 -0400
Reply-To: Avi Freedman <freedman@NETAXS.COM>
From: Avi Freedman <freedman@NETAXS.COM>
X-To: Mark Graff <mark.graff@Eng.Sun.COM>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@NETSPACE.ORG>
In-Reply-To: <199610120257.TAA15638@liberty.eng.sun.com> from "Mark Graff" at
Oct 11, 96 07:57:47 pm
Sorry that I got you so worked up - but realize to those who are religiously
anti-Solaris (for whatever the reason, but let's say the top 2 are "why
should I change the keys my fingers are used to hitting" and "gee, am I
glad I didn't go through the years of horrid, buggy, and slow releases").
And the tone of the announcement was fairly off-putting to those
who do prefer to use SunOS.
Anyway, many of those will probably migrate to NetBSD or other variants
and won't be troubling Sun any more in a few years...
And we'll tell people (especially in the ISP and networking community)
about nice patches and will provide community support for them...
> > Hopefully Sun will incorporate this into their security announcement, which
> > basically says you're screwed if you run SunOS, though it does describe
> > how to increase the queue and decrease the SYN-holding timeout (if you
> > have source...
>
> Incorporating it or endorsing it would be problematical for a couple
> of reasons. Let me state them, then if anybody wants to give me
> public or private feedback I'd be delighted.
I understand all of your stated reasons.
What I expressed was a hope.
Obviously that hope is baseless.
That's OK, I'm a big boy :)
Physically as well as emotionally.
> Sorry to go on so long. I guess the good news is that you're
> getting the answer straight from the horse's mouth, with the
> bark off and (pretty much) to the point. If anybody can change
> my mind, I can probably get Avi's suggestion put into practice.
> Now at least you know we considered this kind of action carefully,
> and know the most important reasons we rejected it.
We'll probably post source diffs as well and anyone with SunOS source
(you, perhaps :) ) can take a look and decide for yourselves how messy
or interesting it would be to incorporate the changes.
> I know that this space is not really the place for discussion,
> but I figured if one person could post my work here and the
> other could make a (thoughtful) suggestion about it, it wouldn't
Thanks for realizing it was a thoughtful and only slightly pissed-off
suggestion...
> be out of place for me to respond. I do suggest we take this
> discussion off line now, though. (And I would appreciate it if
> this note didn't appear in places I don't choose to put it, as
> only a few of my other explanations have. Thanks.)
>
> -mg-
Avi