[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
- To: misc_(_at_)_openbsd_(_dot_)_org
- Subject: stream DoS
- From: Negrea Mihai <mihai_(_at_)_umft_(_dot_)_ro>
- Date: Wed, 29 Nov 2000 15:31:05 +0200 (EET)
I'm working on a firewall for my network under OpenBSD.
I'm at the testing phase... I found at rootshell a dos named stream that
sends huge amount of ACK's from spoofed ip's.
there are some rules specified there for ipf.
if I disable the firewall and test the DoS I can't do about anything on
the firewall box..
if I enable the firewall it eats a lot of CPU for the interrupt state
.. about 70% ... and again I don't like it. the rules are:
block in quick proto tcp from any to any head 100
pass in quick proto tcp from any to any flags S keep state group 100
pass in all
then it says "Otherwise, wait for vendor patches.
I have an OpenBSD 2.7 with patches applied..
are there any other patches?
or can I do smth with ulimit maybe to limit the amount of CPU eaten by
Visit your host, monkey.org