Re: Evil TCPD? (Was: Re: UseNet Gateway One Way ok?)

Ricky Beam (root@defiant.interpath.net)
Mon, 26 May 1997 19:49:45 -0400 (EDT)


Letting the chips fall where they may, I quote Alan Cox:
>> say? Well, if the kernel has the tcpd controls or tcpd can get high enough
>> in the IP stack then it can do all sorts of evil IP level tricks:
>
>Wakey wakey ;) - man ipfwadm

Yeah, yeah, yeah... the firewalling code does a good job of preventing crap
from entering the network, but I don't want kernel memory wasted to block
thousands of sites/IP ranges. And figuring how often any of those sites
will try to connect, it makes even more sense to put this partially in user
space.

>> - Block the connection altogether (silently drop the syn)
>> (ICMP dest unreachable)
>
>Can do those

I didn't think the firewall could "silently" drop the traffic.

>> The connection can be dropped anywhere from verification of the helo to the
>> '.' terminating the data [after hours of sending data at bytes per minute
>> speeds :-)]
>
>Sending a TCP MSS of 4 is quite funny

Doesn't the MSS include the TCP/IP header overhead? I wonder if the IP stack
would go nuts with an MSS of 0?! :-) [Oooo... MSS = 4, WIN = 1 ]

--Ricky