This is the wrong mailing list, you should send this to the -security list.
By the way, this kind of attack isn't really new (as far as I can tell from the few information that have been made public so far). One way to mitigate it is to limit the number of open connections per remote IP address; you can easily do that with PF or IPFW ("limit" option). Best regards Oliver Lukasz Jaroszewski <[EMAIL PROTECTED]> wrote: > Hi, > I am wondering about sockstres informations recently published. I cant > really figure what new they could found. Do we have anything to worry about? > ;-) > > http://searchsecurity.techtarget.com/news/article/0,289142,sid14_gci1332898,00.html > > ``(...)Sockstress computes and stores so-called client-side SYN cookies and > enables Lee and Louis to specify a destination port and IP address. The > method allows them to complete the TCP handshake without having to store any > values, which takes time and resources. "We can then say that we want to > establish X number of TCP connections on that address and that we want to > use this attack type, and it does it," Lee said.(...)'' > > ``(...)Lee said that when and _if_ specific vendors develop workarounds for > the issues, they will release details of those issues.(...)'' > > Was FreeBSD team contacted? ;) > -- Oliver Fromme, secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing b. M. Handelsregister: Registergericht Muenchen, HRA 74606, Geschäftsfuehrung: secnetix Verwaltungsgesellsch. mbH, Handelsregister: Registergericht Mün- chen, HRB 125758, Geschäftsführer: Maik Bachmann, Olaf Erb, Ralf Gebhart FreeBSD-Dienstleistungen, -Produkte und mehr: http://www.secnetix.de/bsd "Unix gives you just enough rope to hang yourself -- and then a couple of more feet, just to be sure." -- Eric Allman _______________________________________________ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "[EMAIL PROTECTED]"