Re: TCP RST attack
From: Tadaaki Nagao (nagao_at_iij.ad.jp)
Date: 04/21/04
- Previous message: Jacques A. Vidrine: "Re: TCP RST attack"
- In reply to: Jacques A. Vidrine: "Re: TCP RST attack"
- Next in thread: Mike Tancsa: "Other possible protection against RST/SYN attacks (was Re: TCP RST attack"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 21 Apr 2004 22:24:27 +0900 (JST) To: nectar@freebsd.org
In "Re: TCP RST attack",
"Jacques A. Vidrine" <nectar@freebsd.org> wrote:
> On Tue, Apr 20, 2004 at 01:32:40PM -0700, Dragos Ruiu wrote:
> > Also keep in mind ports are predictable to varying degrees depending on
> > the vendor or OS, which further reduces the brute force space you have to
> > go though without sniffing.
>
> This is exactly why I ported OpenBSD's TCP ephemeral port allocation
> randomization to FreeBSD-CURRENT (although I asked Mike Silby to commit
> it for me and take the blame if it broke :-). It will also be MFC'd
> shortly in time for 4.10-RELEASE.
That sounds great! But a question arose in my mind... I think it'll
improve FreeBSD as a client OS, but as a server OS it doesn't seem to
help much (actually, any ;-).
Is there any action planned to implement some kind of countermeasure
for FreeBSD servers?
Thanks,
Tadaaki Nagao <nagao@iij.ad.jp>
System Design and Development Division, Internet Initiative Japan Inc.
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
- Previous message: Jacques A. Vidrine: "Re: TCP RST attack"
- In reply to: Jacques A. Vidrine: "Re: TCP RST attack"
- Next in thread: Mike Tancsa: "Other possible protection against RST/SYN attacks (was Re: TCP RST attack"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
