tech-net archive
Re: Patch: accept filters for NetBSD
On Tue, Jan 29, 2008 at 10:17:11AM -0700, Sverre Froyen wrote:
> > Yes, as you quoted above, I understand one motivation may be
> > performance.
> >
> > Are there any benchmarks done on ~current NetBSD? :)
>
> My understanding is that the dataready filter can be used to prevent the type
> of DoS attack that I inquired about in
>
> http://mail-index.netbsd.org/netbsd-help/2005/01/10/0005.html
>
> and where the attacker ties up all available httpd processes on a server.
> This obviously helps server performance but may be difficult to quantify in a
> benchmark.
If the ``dataready'' filter isn't application specific, you could probably
perform a similar attack by sending a partial HTTP request, though I'm
assuming that ``dataready'' just means accept() won't return until N bytes
of data exist in the receive queue.
A better way to stop the attack described in the referenced post would
probably be with pf(4) and source-track / max-src-states.
J.
--
Jason V. Miller
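The two defensive points in this reply, as an added example that is not from the thread or from the NetBSD accept-filter patch: a listening socket asks the kernel for the "dataready" accept filter (using the SO_ACCEPTFILTER / struct accept_filter_arg interface as FreeBSD and NetBSD expose it; on other systems the call simply reports that the option is unsupported), and, independently of whatever the kernel does before accept() returns, the worker bounds the total time it will wait for a complete request header, so a partial request cannot pin it indefinitely. The function names, return codes and the sample request bytes are constructed for illustration.

```c
/*
 * Added example, not part of the original thread or NetBSD's patch.
 *  1. set_accept_filter(): ask for the "dataready" filter so accept() does
 *     not wake a worker until request bytes are queued (NetBSD/FreeBSD API).
 *  2. read_request_header(): the worker still has to bound how long it waits
 *     for a *complete* header; a partial request otherwise ties the worker up
 *     exactly as an idle connection would.
 */
#define _DEFAULT_SOURCE 1
#include <errno.h>
#include <poll.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <time.h>
#include <unistd.h>

/* Returns 0 if the filter was installed, -1 otherwise (errno set).
 * Kernels without accept filters report ENOPROTOOPT here. */
int set_accept_filter(int listen_fd, const char *name)
{
#ifdef SO_ACCEPTFILTER
    struct accept_filter_arg afa;
    memset(&afa, 0, sizeof afa);
    strncpy(afa.af_name, name, sizeof afa.af_name - 1);
    return setsockopt(listen_fd, SOL_SOCKET, SO_ACCEPTFILTER, &afa, sizeof afa);
#else
    (void)listen_fd;
    (void)name;
    errno = ENOPROTOOPT;
    return -1;
#endif
}

/* Result codes of read_request_header() (names are this example's own). */
enum { HDR_EOF = 0, HDR_COMPLETE = 1, HDR_ERROR = -1, HDR_TIMEOUT = -2, HDR_TOOBIG = -3 };

static long now_ms(void)
{
    struct timespec ts;
    clock_gettime(CLOCK_MONOTONIC, &ts);
    return ts.tv_sec * 1000L + ts.tv_nsec / 1000000L;
}

/* Read from fd until the HTTP header terminator ("\r\n\r\n") arrives, the
 * buffer fills, the peer closes, or total_ms elapses. The deadline covers
 * the whole header, not each read, so trickling one byte at a time cannot
 * extend it. On timeout the caller should close fd and free the worker. */
int read_request_header(int fd, char *buf, size_t cap, int total_ms)
{
    size_t len = 0;
    long deadline = now_ms() + total_ms;

    while (len < cap - 1) {
        long left = deadline - now_ms();
        if (left <= 0)
            return HDR_TIMEOUT;

        struct pollfd pfd = { .fd = fd, .events = POLLIN };
        int r = poll(&pfd, 1, (int)left);
        if (r == 0)
            return HDR_TIMEOUT;
        if (r < 0) {
            if (errno == EINTR)
                continue;
            return HDR_ERROR;
        }

        ssize_t n = read(fd, buf + len, cap - 1 - len);
        if (n == 0)
            return HDR_EOF;
        if (n < 0) {
            if (errno == EINTR)
                continue;
            return HDR_ERROR;
        }
        len += (size_t)n;
        buf[len] = '\0';
        /* Scan the whole buffer so a terminator split across reads is found. */
        if (strstr(buf, "\r\n\r\n") != NULL)
            return HDR_COMPLETE;
    }
    return HDR_TOOBIG;
}
```

A server would call set_accept_filter() once on the listening socket and treat -1 as "run without the filter", then apply read_request_header() with a fixed budget (a few seconds) to every accepted connection; the kernel filter reduces how often a worker is woken for an empty connection, and the deadline limits what an incomplete request can cost once the worker is awake.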