Re: FTP denial of service attack
Subject: Re: FTP denial of service attack
From: antirez
INVECE.ORG
Date: Thu Dec 09 1999 - 04:17:13 CST
On Tue, Dec 07, 1999 at 10:40:09PM +0100, bert hubert wrote:
> The free unixes these days mostly come with packet filtering available by
> default, these might be best off. One could imagine a 'libfilter' which
> would easily allow daemons with the right permissions/capabilities to
> instruct the kernel to not accept connections anymore from a certain host.
Also, as observed by Pancrazio De Mauro, there is no reason
to know the client IP only after accept(2) of the connection.
The SYN packet contains the IP address, so it's possible to
implement, for example, an accept2 that returns just after the SYN
was received, so we can obtain the IP address and then use
accept2_reset() to RST or accept2_ok() to follow the three-way
handshake. Since this can be implemented using a new syscall,
API compatibility is preserved, but this seems a lot better
than modifying firewalling rules on the fly.
antirez
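
The flow proposed in the message above, as an added user-space model in C that is not part of the original post. accept2(), accept2_ok() and accept2_reset() are the hypothetical calls the post names (no such syscalls exist); the per-host limit, the host table and the sample SYNs are assumptions made for the illustration.

```c
/* User-space model only: accept2(), accept2_ok() and accept2_reset() are the
 * hypothetical calls named in the post; no such syscalls exist. */
#include <stdint.h>
#include <stdio.h>
#define MAX_PER_HOST 2            /* assumed policy: connections per source */
#define MAX_HOSTS    16

struct pending { uint32_t src_ip; uint16_t src_port; };  /* known from the SYN */
struct host    { uint32_t ip; int established; };
static struct host hosts[MAX_HOSTS];
static int nhosts, rst_sent, handshakes_done;

static struct host *lookup(uint32_t ip) {
    for (int i = 0; i < nhosts; i++)
        if (hosts[i].ip == ip) return &hosts[i];
    if (nhosts == MAX_HOSTS) return NULL;     /* table full: fail closed */
    hosts[nhosts] = (struct host){ ip, 0 };
    return &hosts[nhosts++];
}

/* Returns as soon as a SYN is queued, before any SYN-ACK has been sent. */
static int accept2(const struct pending *q, int n, int *next, struct pending *out) {
    if (*next >= n) return -1;
    *out = q[(*next)++];
    return 0;
}
static void accept2_reset(const struct pending *p) { (void)p; rst_sent++; }
static void accept2_ok(const struct pending *p) { (void)p; handshakes_done++; }

/* Daemon loop: the address is not yet confirmed by a completed handshake,
 * so the policy here only limits state, it does not authenticate the peer. */
int serve(const struct pending *syns, int n) {
    struct pending p; int next = 0;
    nhosts = rst_sent = handshakes_done = 0;
    while (accept2(syns, n, &next, &p) == 0) {
        struct host *h = lookup(p.src_ip);
        if (!h || h->established >= MAX_PER_HOST) accept2_reset(&p);
        else { h->established++; accept2_ok(&p); }
    }
    return handshakes_done;
}

/* Constructed sample: five SYNs from 192.0.2.10, one from 198.51.100.7. */
static const struct pending SAMPLE[] = {
    {0xC000020A, 40001}, {0xC000020A, 40002}, {0xC000020A, 40003},
    {0xC6336407, 51000}, {0xC000020A, 40004}, {0xC000020A, 40005} };

int main(void) {
    int ok = serve(SAMPLE, 6);    /* evaluate before reading rst_sent */
    printf("accepted=%d reset=%d\n", ok, rst_sent);
    return 0;
}
```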
This archive was generated by hypermail 2b27 : Fri Dec 10 1999 - 12:51:36 CST