similar to: (OT) rfc1948 question

Hello, I current have a FreeBSD 4.8 bridge firewall that sits between 7 servers and the internet. The servers are being attacked with syn floods and go down multiple times a day. The 7 servers belong to a client, who runs redhat. I am trying to find a way to do some kind of syn flood protection inside the firewall. Any suggestions would be greatly appreciated. -- Ryan James ryan@mac2.net

Dear list, A few days ago one of my machines were attacked by a DDoS-attack using UDP on random ports.. When I later on analyzed the logs, I found this in my dmesg: xl0: initialization of the rx ring failed (55) xl0: initialization of the rx ring failed (55) xl0: initialization of the rx ring failed (55) I tried to find out on google what it ment, but without any luck. What does that mean and

In http://docs.freebsd.org/cgi/mid.cgi?200402260743.IAA18903 it seems RELENG_4 is vulnerable. Is there any work around to a system that has to have ports open ? Version: 1 2/18/2004@03:47:29 GMT >Initial report > <<https://ialert.idefense.com/KODetails.jhtml?irId=207650>https://ialert.idefense.com/KODetails.jhtml?irId=207650; >ID#207650: >FreeBSD Memory Buffer

Default,syncookies are activate when syn list(backlog queue) is full. I want hybrid system. I propose a system , syncookies active dynamic per connection . where will I write code , where syncookies system does call in the code file.

Forwarded message: > From full-disclosure-admin@lists.netsys.com Wed Apr 21 11:49:12 2004 > To: full-disclosure@lists.netsys.com > From: Darren Bounds <dbounds@intrusense.com> > Subject: [Full-Disclosure] IETF Draft - Fix for TCP vulnerability > Date: Tue, 20 Apr 2004 18:19:58 -0400 > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > >

hi is there any way to build 4.8 release with this fstack protection? or atleast some ports is there any good info on this? the only page i found was that ibm page but it seemed outdated. //martin

Mike Silbersack wrote: > On Tue, 16 Sep 2003, Scott Long wrote: > > >>Patches have been floated on the mailing list that revert PAE in its >>various stages. Maybe those need to be brought back up. Silby? Tor? >> >>Scott > > > I believe that Tor's commit on August 30th resolved the PAE-related > problems, so there is no need for a reversion.

Hi, I got this error when i tried to type for some of those. "sysctl: unknown oid...." any idea.. my server seems to be very lagged, where else the network connection seems fine, i think BSD itself as my other redhat box is fine. What else can i do to get optimum protection. Thanks. ----- Original Message ----- From: "Per Engelbrecht" <per@xterm.dk> To:

Hi, secfolks. While reading ip_input.c I have met following lines: ;------------------------------------------------- /* 127/8 must not appear on wire - RFC1122 */ if ((ntohl(ip->ip_dst.s_addr) >> IN_CLASSA_NSHIFT) == IN_LOOPBACKNET || (ntohl(ip->ip_src.s_addr) >> IN_CLASSA_NSHIFT) == IN_LOOPBACKNET) { if ((m->m_pkthdr.rcvif->if_flags &

Hello, all! In the beginning I want to say, that this question seems to be a security one, isn't it so?.. Recently I was googling for the subject and coulnd't find anything... Even in the opennet.ru forum nobody answered me about this. So, as far as I got to know, randomizing source ports in FreeBSD is impossible now? (to be exact - is not implemented?) It's very interesting to me

Here's my proposed patch to change RST handling so that ESTABLISHED connections are subject to strict RST checking, but connections in other states are only subject to the "within the window" check. Part 2 of the patch is simply a patch to netstat so that it displays the statistic. As expected, it's very straightforward, the only real question is what to call the statistic...

-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-02:20 Security Advisory FreeBSD, Inc. Topic: syncache/syncookies denial of service Category: core Module: net Announced: 2002-04-16

Hi there, I'm still running 6.2 on various servers without any tweaks (GENERIC kernel, binary updates via freebsd-update etc.) but lots of ports (apache, postgresql, diablo-jdk etc.) and would like to use stack smashing protection in order to harden my boxes and avoid many potential exploits. I've known about ProPolice/SSP for a while now (from the Gentoo world) and am aware that

Greetings, all: OS: CentOS 6.4 x86_64 Kernel: 2.6.32-358.14.1 I could use some assistance with setting up pulse to load balance my dns servers. I've configured tcp and udp port 53 with the piranha gui, set up arptable rules on the real servers and added the virtual ip to the bond0 interface on the real servers, but I'm still having no luck in getting things going. A dig against the

Has anyone seen the recently published IETF draft regarding ICMP attacks against TCP? [http://www.ietf.org/internet-drafts/draft-gont-tcpm-icmp-attacks-00.txt] I'm interested in any comments as to the vulnerability of FreeBSD's TCP to such attacks and the need for or usefulness of the various solutions proposed in the paper. Thanks, all - Steve -- Steve Zweep Senior Software

Attached is a security alert from Gentoo pertaining to clam antivirus. It seems that as of this morning, FreeBSD's ports still contain the affected version. Thank in advance, Tom Veldhouse -------------- next part -------------- An embedded message was scrubbed... From: Tim Yamin <plasmaroo@gentoo.org> Subject: [gentoo-announce] [ GLSA 200402-07 ] Clamav 0.65 DoS vulnerability Date:

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, I'm running stock FreeBSD with services running: samba (connections allowed only from local network), lpd (same), bind (all interfaces), apache (all), zope (local) This machine is home gateway/http/printserver. Recently some strange things happened as my printer all of sudden started to print stuff when nobody prints... luckily (or

As others have noted, Tor's patch appears to be a total solution to the recent instability the PAE patch introduced. So, if you're experiencing panics with a recent kernel, or are in a position to stress a machine, please cvsup and give it a test! Thanks, Mike "Silby" Silbersack ---------- Forwarded message ---------- Date: Sat, 30 Aug 2003 08:39:08 -0700 (PDT) From: Tor Egge

Hello Stephen, I may have tracked down some unexpected behaviour from a common bridge setup, and would like to incite expert oppinion on my observations. The issue relates to both 2.6 and 2.4 kernel series bridging code, and as far as I can see might have been present in all releases hitherto. Consider this setup: - two ethernet devices in a simple bridge configuration - bridge-interface

GENERIC kernel build, cvsup as of 21:37 October 1 2003: ../../vm/vm_map.c: In function `vm_init2': ../../vm/vm_map.c:190: `maxfiles' undeclared (first use in this function) ../../vm/vm_map.c:190: (Each undeclared identifier is reported only once ../../vm/vm_map.c:190: for each function it appears in.) *** Error code 1 Using the freebsd protector patch (anti stack smashing), FYI.