* TCP Persist Timer DoS
From: Joel Becker @ 2009-06-19 22:31 UTC
To: netdev
Hey Netfolk,
I have to assume you've seen
http://www.phrack.org/issues.html?issue=66&id=9&mode=txt. Does anyone
have a plan or opinion on the DoS? A way to mitigate it, a -EDONTCARE
opinion, anything?
Joel
--
"For every complex problem there exists a solution that is brief,
concise, and totally wrong."
-Unknown
Joel Becker
Principal Software Developer
Oracle
E-mail: joel.becker@oracle.com
Phone: (650) 506-8127
* Re: TCP Persist Timer DoS
From: David Miller @ 2009-06-20 8:05 UTC
To: Joel.Becker; +Cc: netdev
From: Joel Becker <Joel.Becker@oracle.com>
Date: Fri, 19 Jun 2009 15:31:06 -0700
> Hey Netfolk,
> I have to assume you've seen
> http://www.phrack.org/issues.html?issue=66&id=9&mode=txt. Does anyone
> have a plan or opinion on the DoS? A way to mitigate it, a -EDONTCARE
> opinion, anything?
This is just like every other "DoS" out there where the attacker has
to reveal its IP identity to accomplish the attack, in that it is
trivial to protect using netfilter by limiting the number of
connections a host can make with your system.

There are thousands of ways to open up a ton of TCP connections and
have them sit in a dormant state infinitely.

Nothing is really new here.

I noticed some amusing things in the threads discussing this: "Is it
just me or can pretty much every web site in the world get turned off
now?"

Ok, Chicken Little, the sky is falling.
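
Added example, not part of the thread and not code from any of its posters: a shell check a defender could run alongside the per-host netfilter limit described in the reply above, counting for each peer the connections whose persist (zero-window probe) timer is running. The function names, the sample `ss -tno` output, port 80 and the limit of 20 are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Reads `ss -tno` output on stdin and
# lists peers holding at least MIN connections whose persist (zero-window
# probe) timer is running, i.e. the local side has data queued but the peer
# advertises a zero receive window.
persist_peers() {
    min=${1:-2}
    awk -v min="$min" '
        /timer:\(persist,/ {
            peer = $5                    # Peer Address:Port column
            sub(/:[0-9]+$/, "", peer)    # drop the port, keep v4 or [v6]
            count[peer]++
        }
        END {
            for (p in count)
                if (count[p] >= min) print count[p], p
        }' | sort -k1,1nr -k2,2
}

# Constructed sample of `ss -tno` output (documentation addresses only).
sample_ss_output() {
    cat <<'EOF'
State Recv-Q Send-Q Local Address:Port Peer Address:Port
ESTAB 0 52920 192.0.2.10:80 198.51.100.7:40112 timer:(persist,1min52sec,6)
ESTAB 0 48180 192.0.2.10:80 198.51.100.7:40113 timer:(persist,58sec,5)
ESTAB 0 51100 192.0.2.10:80 198.51.100.7:40114 timer:(persist,1min10sec,6)
ESTAB 0 0 192.0.2.10:80 203.0.113.9:51522 timer:(keepalive,112min,0)
ESTAB 0 1448 192.0.2.10:80 203.0.113.20:33010 timer:(on,204ms,0)
ESTAB 0 30000 192.0.2.10:80 [2001:db8::5]:44000 timer:(persist,30sec,2)
EOF
}

# The per-host cap the reply describes maps onto netfilter's connlimit match.
# Port 80 and the limit of 20 are assumed values, not taken from the thread:
#   iptables -A INPUT -p tcp --syn --dport 80 \
#            -m connlimit --connlimit-above 20 -j REJECT --reject-with tcp-reset

# Report peers with two or more persist-state connections in the sample.
sample_ss_output | persist_peers 2
```

On a live host the input would come from `ss -tno` itself, piped into `persist_peers` with a threshold suited to the service.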
* Re: TCP Persist Timer DoS
From: Joel Becker @ 2009-06-20 9:11 UTC
To: David Miller; +Cc: netdev
On Sat, Jun 20, 2009 at 01:05:14AM -0700, David Miller wrote:
> From: Joel Becker <Joel.Becker@oracle.com>
> Date: Fri, 19 Jun 2009 15:31:06 -0700
>
> > Hey Netfolk,
> > I have to assume you've seen
> > http://www.phrack.org/issues.html?issue=66&id=9&mode=txt. Does anyone
> > have a plan or opinion on the DoS? A way to mitigate it, a -EDONTCARE
> > opinion, anything?
>
> This is just like every other "DoS" out there where the attacker has
> to reveal its IP identity to accomplish the attack, in that it is
> trivial to protect using netfilter by limiting the number of
> connections a host can make with your system.
Thanks Dave, I knew there was a reason this wasn't all that
scary.
Joel
--
"Hell is oneself, hell is alone, the other figures in it, merely projections."
- T. S. Eliot
Joel Becker
Principal Software Developer
Oracle
E-mail: joel.becker@oracle.com
Phone: (650) 506-8127