On Thu, 3 Oct 96 16:35:13 PDT Rob Liebschutz wrote:
They've made a big announcement about it, but the code doesn't yet appear to be on their ftp site. The announcement does not describe what approach they took to solving the problem (presumably something more than their existing patch for the large PCB hash table). See http://www.bsdi.com/press/19961002.html for the full announcement.
It scares me to think how much effort has gone into defense against this one denial of service attack when there are endless possibilities for other ones.
Actually, they released a number of patches all at once, including (quoting the notice just sent out by polk@bsdi.com):

The remainder of the patches (K210-021, K210-022, and U210-025) add support for IP source checking, and for reducing and/or eliminating problems associated with SYN attacks, IP fragment attacks, and some other denial of service/looped server attacks.

Unfortunately, these are available only for BSD/OS 2.1 -- nothing for prior releases.

William Sommers
San Francisco Online
Televolve, Inc.
sommers@sfo.com