
stream DoS



Hi!

I'm working on a firewall for my network under OpenBSD.
I'm at the testing phase... I found at rootshell a DoS named stream that
sends a huge amount of ACKs from spoofed IPs.
There are some rules specified there for ipf.
If I disable the firewall and test the DoS, I can barely do anything on
the firewall box.
If I enable the firewall, it eats a lot of CPU in the interrupt state,
about 70%, and again I don't like it. The rules are:
block in quick proto tcp from any to any head 100
pass in quick proto tcp from any to any flags S keep state group 100
pass in all

Then it says "Otherwise, wait for vendor patches."
I have OpenBSD 2.7 with patches applied.
Are there any other patches?

Or can I do something with ulimit, maybe, to limit the amount of CPU eaten by
that DoS?

Thanks!

Negrea Mihai
email: mihai_(_at_)_negrea_(_dot_)_net
phone: +4093612495
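
The three ipf rules quoted in the message, modelled as a small packet evaluator. This is an added example, not part of the original post and not ipf's own code. It assumes the state table is consulted before the rules, that `flags S` matches SYN-only segments, and that state is keyed by the address/port 4-tuple; the class and function names and all addresses are constructed.

```python
# Simplified model of the quoted ipf rule set (assumption: not ipf's real logic).
from dataclasses import dataclass

SYN, ACK = 0x02, 0x10  # TCP flag bits

@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int
    flags: int = 0

class Filter:
    def __init__(self):
        self.states = set()  # connections admitted by "keep state"
        self.lookups = 0     # per-packet work, counted even for drops

    def check(self, p):
        """Return 'pass' or 'block' for one inbound packet."""
        self.lookups += 1    # the state table is searched for every packet
        key = (p.src, p.sport, p.dst, p.dport)
        if p.proto == "tcp" and key in self.states:
            return "pass"    # belongs to an established, tracked connection
        if p.proto == "tcp":             # block in quick proto tcp ... head 100
            if p.flags == SYN:           # pass in quick ... flags S keep state group 100
                self.states.add(key)
                return "pass"
            return "block"   # nothing in group 100 matched: the head's block applies
        return "pass"                    # pass in all

def run_demo():
    fw = Filter()
    dst = "198.51.100.1"
    # Constructed sample traffic: one handshake start, its follow-up ACK,
    # 200 ACKs with no matching state, and one non-TCP packet.
    results = [fw.check(Packet("tcp", "192.0.2.10", 40000, dst, 22, SYN)),
               fw.check(Packet("tcp", "192.0.2.10", 40000, dst, 22, ACK))]
    stray = [Packet("tcp", f"203.0.113.{i}", 1024 + i, dst, 22, ACK)
             for i in range(1, 201)]
    blocked = sum(fw.check(p) == "block" for p in stray)
    results.append(fw.check(Packet("udp", "192.0.2.10", 5353, dst, 53)))
    return results, blocked, len(fw.states), fw.lookups

if __name__ == "__main__":
    print(run_demo())
```

In this model the stateless ACKs are all dropped and the state table stays at one entry, but each dropped packet still costs a state lookup and a rule walk.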