Re: [PATCH] fix small DoS on connect() (was Re: BUG: Unusual TCP Connect

netdev

Re: [PATCH] fix small DoS on connect() (was Re: BUG: Unusual TCP Connect

To:	Willy Tarreau <willy@xxxxxxxxx>
Subject:	Re: [PATCH] fix small DoS on connect() (was Re: BUG: Unusual TCP Connect() results.)
From:	Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Date:	Sun, 12 Jun 2005 18:13:27 +1000
Cc:	davem@xxxxxxxxxxxxx, xschmi00@xxxxxxxxxxxxxxxxxx, alastair@xxxxxxxxxxxx, linux-kernel@xxxxxxxxxxxxxxx, netdev@xxxxxxxxxxx
In-reply-to:	<20050611195144.GF28759@alpha.home.local>
References:	<20050611074350.GD28759@alpha.home.local> <E1DhBic-0005dp-00@gondolin.me.apana.org.au> <20050611195144.GF28759@alpha.home.local>
Sender:	netdev-bounce@xxxxxxxxxxx
User-agent:	Mutt/1.5.9i

On Sat, Jun 11, 2005 at 09:51:44PM +0200, Willy Tarreau wrote:
> 
> Please note that if I only called it "small DoS", it's clearly because
> I don't consider this critical, but I think that most people involved
> in security will find that DoSes based on port guessing should be
> addressed when possible.

Sorry but this patch is pointless.  If I wanted to prevent you from
connecting to www.kernel.org 80 and I knew your source port number
I'd be directly sending you fake SYN-ACK packets which will kill
your connection immediately.

If you want reliability and security you really should be using IPsec.
There is no other way.

Cheers,
-- 
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
[PATCH] fix small DoS on connect() (was Re: BUG: Unusual TCP Connect() results.), Willy Tarreau Re: [PATCH] fix small DoS on connect() (was Re: BUG: Unusual TCP Connect() results.), Herbert Xu Re: [PATCH] fix small DoS on connect() (was Re: BUG: Unusual TCP Connect() results.), Willy Tarreau Re: [PATCH] fix small DoS on connect() (was Re: BUG: Unusual TCP Connect() results.), Herbert Xu <= Re: [PATCH] fix small DoS on connect() (was Re: BUG: Unusual TCP Connect() results.), Willy Tarreau Re: [PATCH] fix small DoS on connect() (was Re: BUG: Unusual TCP Connect() results.), Herbert Xu Re: [PATCH] fix small DoS on connect() (was Re: BUG: Unusual TCP Connect() results.), Willy Tarreau Re: [PATCH] fix small DoS on connect() (was Re: BUG: Unusual TCP Connect() results.), Herbert Xu Re: [PATCH] fix small DoS on connect() (was Re: BUG: Unusual TCP Connect() results.), Thomas Graf Re: [PATCH] fix small DoS on connect() (was Re: BUG: Unusual TCP Connect() results.), Herbert Xu Re: [PATCH] fix small DoS on connect() (was Re: BUG: Unusual TCP Connect() results.), Willy Tarreau Re: [PATCH] fix small DoS on connect() (was Re: BUG: Unusual TCP Connect() results.), Herbert Xu Re: [PATCH] fix small DoS on connect() (was Re: BUG: Unusual TCP Connect() results.), Herbert Xu Re: [PATCH] fix small DoS on connect() (was Re: BUG: Unusual TCP Connect() results.), Willy Tarreau

Previous by Date:	Re: [PATCH] fix small DoS on connect() (was Re: BUG: Unusual TCP Connect() results.), Willy Tarreau
Next by Date:	Re: [PATCH] fix small DoS on connect() (was Re: BUG: Unusual TCP Connect() results.), Willy Tarreau
Previous by Thread:	Re: [PATCH] fix small DoS on connect() (was Re: BUG: Unusual TCP Connect() results.), Willy Tarreau
Next by Thread:	Re: [PATCH] fix small DoS on connect() (was Re: BUG: Unusual TCP Connect() results.), Willy Tarreau
Indexes:	[Date] [Thread] [Top] [All Lists]