Re: linux kernel TCP, network connections and iptables

From: Alan Cox (alan@lxorguk.ukuu.org.uk)
Date: Fri Sep 08 2000 - 03:26:33 EST

Next message: James Cownie: "[PATCH] Ptrace problem in 2.4.0-test7"
Previous message: Kenneth Johansson: "Re: test8-pre6 file corruption and oops"
Next in thread: Andi Kleen: "Re: linux kernel TCP, network connections and iptables"
Maybe reply: Andi Kleen: "Re: linux kernel TCP, network connections and iptables"
Maybe reply: kuznet@ms2.inr.ac.ru: "Re: linux kernel TCP, network connections and iptables"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> Well, it looks like you're getting hit with stream.c or raped.c and what
> I'm passing on is just what I picked up from a CERT guy at Usenix. He
> claimed that stream.c worked by exploiting a long path through the kernel
> to bring the machine to its knees.

The traces look more like a very primitive DDoS tool to be honest. stream is
pretty BSD specific though hit hard enough it works on any box. The thing
about stream is you can make it about 5 times more effective with tiny changes

The RST defence works well for most DDoS based rst causing attacks. It works
well because the average attacker is using tools not writing them

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
Please read the FAQ at http://www.tux.org/lkml/

Next message: James Cownie: "[PATCH] Ptrace problem in 2.4.0-test7"
Previous message: Kenneth Johansson: "Re: test8-pre6 file corruption and oops"
Next in thread: Andi Kleen: "Re: linux kernel TCP, network connections and iptables"
Maybe reply: Andi Kleen: "Re: linux kernel TCP, network connections and iptables"
Maybe reply: kuznet@ms2.inr.ac.ru: "Re: linux kernel TCP, network connections and iptables"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b29 : Fri Sep 15 2000 - 21:00:10 EST