Message-Id: <20090620.010514.46602476.davem@davemloft.net>
Date: Sat, 20 Jun 2009 01:05:14 -0700 (PDT)
From: David Miller <davem@...emloft.net>
To: Joel.Becker@...cle.com
Cc: netdev@...r.kernel.org
Subject: Re: TCP Persist Timer DoS
From: Joel Becker <Joel.Becker@...cle.com>
Date: Fri, 19 Jun 2009 15:31:06 -0700
> Hey Netfolk,
> I have to assume you've seen
> http://www.phrack.org/issues.html?issue=66&id=9&mode=txt. Does anyone
> have a plan or opinion on the DoS? A way to mitigate it, a -EDONTCARE
> opinion, anything?

This is just like every other "DoS" out there where the attacker has
to reveal its IP identity to accomplish the attack, in that it is
trivial to protect using netfilter by limiting the number of
connections a host can make with your system.

There are thousands of ways to open up a ton of TCP connections and
have them sit in a dormant state infinitely.

Nothing is really new here.

I noticed some amusing things in the threads discussing this: "Is it
just me or can pretty much every web site in the world get turned off
now?"

Ok, Chicken Little, the sky is falling.
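
The per-host connection count that a netfilter limit acts on, as an added example that is not part of the original message or of any kernel code: it tallies connections per peer from `ss -tno` style output and reports peers above a cap, along with how many of their connections are sitting in the persist timer. The sample lines, the port, the limit of 2 and the function names are all constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in the layout of `ss -tno` output; addresses are documentation ranges.
SAMPLE = """\
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
ESTAB  0      14480  192.0.2.10:80       198.51.100.7:40112  timer:(persist,1min40sec,6)
ESTAB  0      14480  192.0.2.10:80       198.51.100.7:40113  timer:(persist,1min38sec,6)
ESTAB  0      14480  192.0.2.10:80       198.51.100.7:40114  timer:(persist,1min35sec,5)
ESTAB  0      0      192.0.2.10:80       203.0.113.5:51500   timer:(keepalive,110min,0)
ESTAB  0      2896   192.0.2.10:80       203.0.113.9:38822   timer:(persist,12sec,1)
ESTAB  0      0      192.0.2.10:22       203.0.113.5:51990
"""

TIMER_RE = re.compile(r"timer:\((\w+),")

# Enforcement counterpart using netfilter's connlimit match (port and limit are assumed values):
#   iptables -A INPUT -p tcp --syn --dport 80 -m connlimit --connlimit-above 2 \
#            -j REJECT --reject-with tcp-reset


def per_host_counts(ss_text, local_port):
    """Return (total, persist) Counters of established connections per peer address."""
    total, persist = Counter(), Counter()
    for line in ss_text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "ESTAB":
            continue  # header line or a socket in another state
        if fields[3].rsplit(":", 1)[1] != str(local_port):
            continue  # connection to a different local service
        peer = fields[4].rsplit(":", 1)[0]  # rsplit keeps bracketed IPv6 addresses intact
        total[peer] += 1
        match = TIMER_RE.search(line)
        if match and match.group(1) == "persist":
            persist[peer] += 1
    return total, persist


def over_limit(ss_text, local_port, limit):
    """Peers holding more than `limit` connections, mapped to (total, in_persist)."""
    total, persist = per_host_counts(ss_text, local_port)
    return {peer: (n, persist[peer]) for peer, n in total.items() if n > limit}


if __name__ == "__main__":
    for peer, (n, stalled) in over_limit(SAMPLE, 80, 2).items():
        print(f"{peer}: {n} connections, {stalled} in persist timer")
```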