Im unconvinced. Where is the exploit documented ? If the exploit relies
on overwriting the tcp header remember that even the base firewall config
doesn't allow this.
> Certainly, AVL is terrible but taking into account that size of database
> may be huge, it is acceptable. Also, take into account that
> the same code may be used to kill timewait state, so that it is pure winning.
Except that I construct attacks to use massive amounts of AVL tree space.
Very easily in fact. On something like an appliance with 8Mb of RAM that
makes the AVL setup a non solution and something better is needed
Alan
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/