Re: [Patch] IPv4 TCP security impovement

jamal (hadi@cyberus.ca)
Sat, 9 Jan 1999 18:52:54 -0500 (EST)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Martin Mares: "Re: PCI maintainer needed! - Please!"
Previous message: Jamie Lokier: "Re: Can and should the kernel HZ value be changed?"
Maybe in reply to: Joachim Baran: "[Patch] IPv4 TCP security impovement"
Next in thread: David S. Miller: "Re: [Patch] IPv4 TCP security impovement"

>> Doesn't this lead to a potential DoS ? For example, if someone ran
>> multiple scans against your box with faked IPs it could fill up the log
>> partition.
>I consider this as a joke. There are plenty of other
>methods to fill up a log partition. Also every good
>administrator should have taken advantages to avoid
>or handle this...

Of course it is an opportunity for a DoS.
Send to a closed socket; you dont send back a RST; aha! you are trying to
be a smartass .. i flood your logs with spoofed addresses (now that i know
you are logging them). And if you are not logging them your patch is
useless (because queso or nmap can still detect who you are).
Yes there are many ways to flood the logs but you are adding an extra one.

I kinda liked your solution; maybe you shouldnt have advertised it ;->

cheers,
jamal

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/

Next message: Martin Mares: "Re: PCI maintainer needed! - Please!"
Previous message: Jamie Lokier: "Re: Can and should the kernel HZ value be changed?"
Maybe in reply to: Joachim Baran: "[Patch] IPv4 TCP security impovement"
Next in thread: David S. Miller: "Re: [Patch] IPv4 TCP security impovement"