Subject: Re: [yiming@security.zz.ha.cn: ipfilter denial of service problem]
To: Mason Loring Bliss <mason@acheron.middleboro.ma.us>
From: Quentin Garnier <netbsd-current-users@quatriemek.com>
List: tech-security
Date: 01/10/2003 08:38:53
On Thu, 9 Jan 2003 19:20:40 -0500,
Mason Loring Bliss wrote:
> This was on BugTraq recently.
> 
> Can someone familiar with ipf's guts explain in more detail what would
> constitute a situation where one is vulnerable to a DOS using this
> method?

Darren answered on BugTraq.

The DOS situation happens when you have a TCP 'keep state' rule that
doesn't require the SYN flag. Thus, a state entry is created with the
bogus ACK packet.

So usually you're safe, since the TCP 'keep state' rules should require
the SYN flag, to have a state entry created only when a connection is
initiated.

-- 
Quentin Garnier - cube@cubidou.net
"Feels like I'm fiddling while Rome is burning down.
Should I lay my fiddle down and take a rifle from the ground?"
Leigh Nash/Sixpence None The Richer, Paralyzed, Divine Discontents, 2002.
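To illustrate the distinction Quentin draws, here is an added ipf.conf fragment (my own example, not from the thread or from ipfilter's documentation) showing a TCP 'keep state' rule without a flags check beside the usual form that only creates state on an initial SYN. The interface name fxp0 and port 22 are assumed for illustration.

```ipf
# Default deny, log what is dropped.
block in log quick on fxp0 all
block out log quick on fxp0 all

# Weak form: state is created from whatever TCP packet first matches,
# including a bare ACK that belongs to no connection, so a stream of
# bogus ACKs can fill the state table.
# pass in quick on fxp0 proto tcp from any to any port = 22 keep state

# Usual form: 'flags S' matches only packets with SYN set (mask FSRPAU
# by default), so a state entry is created only when a connection is
# actually being initiated; a stray ACK hits the block rule above.
pass in quick on fxp0 proto tcp from any to any port = 22 flags S keep state

# Outbound connections from this host: likewise create state on SYN only.
pass out quick on fxp0 proto tcp from any to any flags S keep state
```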