TCP RST attack
Tadaaki Nagao
nagao at iij.ad.jp
Wed Apr 21 06:24:34 PDT 2004
In "Re: TCP RST attack",
"Jacques A. Vidrine" <nectar at freebsd.org> wrote:
> On Tue, Apr 20, 2004 at 01:32:40PM -0700, Dragos Ruiu wrote:
> > Also keep in mind ports are predictable to varying degrees depending on
> > the vendor or OS, which further reduces the brute force space you have to
> > go though without sniffing.
>
> This is exactly why I ported OpenBSD's TCP ephemeral port allocation
> randomization to FreeBSD-CURRENT (although I asked Mike Silby to commit
> it for me and take the blame if it broke :-). It will also be MFC'd
> shortly in time for 4.10-RELEASE.
That sounds great! But a question arose in my mind... I think it'll
improve FreeBSD as a client OS, but as a server OS it doesn't seem to
help much (actually, any ;-).
Is there any action planned to implement some kind of countermeasure
for FreeBSD servers?
Thanks,
Tadaaki Nagao <nagao at iij.ad.jp>
System Design and Development Division, Internet Initiative Japan Inc.
More information about the freebsd-security
mailing list