Subject: Re: [email@example.com: ipfilter denial of service problem]
To: Mason Loring Bliss <firstname.lastname@example.org>
From: Quentin Garnier <email@example.com>
Date: 01/10/2003 08:38:53
On Thu, 9 Jan 2003 19:20:40 -0500
Mason Loring Bliss wrote:
> This was on BugTraq recently.
> Can someone familiar with ipf's guts explain in more detail what would
> constitute a situation where one is vulnerable to a DOS using this
Darren answered on BugTraq.
The DOS situation happens when you have a TCP 'keep state' rule that
doesn't require the SYN flag. Thus, a state entry is created with the
bogus ACK packet.
So usually you're safe, since the TCP 'keep state' rules should require
the SYN flag, to have a state entry created only when a connexion is
Quentin Garnier - firstname.lastname@example.org
"Feels like I'm fiddling while Rome is burning down.
Should I lay my fiddle down and take a rifle from the ground ?"
Leigh Nash/Sixpence None The Richer, Paralyzed, Divine Discontents, 2002.
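
An added example, not part of the original message or of ipfilter itself: a small audit script that flags TCP 'keep state' rules that do not require the SYN flag, the condition described above. The sample ruleset, the interface name and the function name are constructed for illustration, and the parser assumes simple one-rule-per-line ipf.conf syntax.

```python
# Constructed sample ruleset (not taken from the original message).
SAMPLE_RULES = """\
# constructed example rules
block in all
pass in quick on fxp0 proto tcp from any to any port = 22 keep state
pass in quick on fxp0 proto tcp from any to any port = 80 flags S keep state
pass in quick on fxp0 proto tcp from any to any port = 25 flags S/SA keep state
pass in quick on fxp0 proto tcp from any to any port = 443 flags A/A keep state
pass out quick on fxp0 proto udp from any to any keep state
pass out quick on fxp0 proto tcp/udp from any to any keep state
"""


def tcp_keep_state_without_syn(ruleset_text):
    """Return (line_number, rule) for TCP 'keep state' rules lacking a SYN requirement.

    Assumption: each rule sits on one line and '#' starts a comment.
    """
    findings = []
    for lineno, raw in enumerate(ruleset_text.splitlines(), start=1):
        rule = raw.split("#", 1)[0].strip()
        if not rule:
            continue
        tok = rule.split()

        # Only rules that name TCP ("proto tcp" or "proto tcp/udp") are in scope.
        proto = tok[tok.index("proto") + 1] if "proto" in tok[:-1] else ""
        if "tcp" not in proto.split("/"):
            continue

        # Only stateful rules can create a state entry.
        if not any(a == "keep" and b == "state" for a, b in zip(tok, tok[1:])):
            continue

        # "flags S" or "flags S/SA": the part before '/' lists flags that must be set.
        required = ""
        if "flags" in tok[:-1]:
            required = tok[tok.index("flags") + 1].split("/", 1)[0]
        if "S" not in required:
            findings.append((lineno, rule))
    return findings


if __name__ == "__main__":
    for lineno, rule in tcp_keep_state_without_syn(SAMPLE_RULES):
        print(f"line {lineno}: keep state without SYN requirement: {rule}")
```
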