Home page logo

bugtraq logo Bugtraq mailing list archives

Re: FTP denial of service attack
From: antirez () INVECE ORG (antirez () INVECE ORG)
Date: Thu, 9 Dec 1999 11:17:13 +0100

On Tue, Dec 07, 1999 at 10:40:09PM +0100, bert hubert wrote:
The free unixes these days mostly come with packet filtering available by
default, these might be best off. One could imagine a 'libfilter' which
would easily allow daemons with the right permissions/capabilities to
instruct the kernel to not accept connections anymore from a certain host.

Also as osserved by Pancrazio De Mauro there are not reasons
to know the client IP only after accept(2) the connection.
The SYN packet contains the IP address so it's possible to
implement for example an accept2 that return just after SYN
was received so we can obtain the IP address and then use
accpet2_reset() to RST or accept2_ok() to follow the threeway
handshake. Since this can be implemented using new syscall
API compatibility is preserved, but this seems a lot better
than modify on the fly firewalling rules.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]