From: John Young <jya@pipeline.com>
To: cypherpunks@toad.com
Message Hash: 5c05a3b94f5b17f104ce4212a09e85cb32e6d68da1eead3f5f375ee10abfd7e8
Message ID: <1.5.4.16.19961016001859.0a0f3092@pop.pipeline.com>
Reply To: N/A
UTC Datetime: 1996-10-16 00:20:47 UTC
Raw Date: Tue, 15 Oct 1996 17:20:47 -0700 (PDT)
Subject: SUN_syn
MIME-Version: 1.0
Content-Type: text/plain

CIAC Bulletin H-02 issues Sun's thumb-busting god-dam-its for SYN flooding:
=============================================================================
SUN MICROSYSTEMS SECURITY BULLETIN: #00136, 9 Oct 1996
=============================================================================
BULLETIN TOPICS
In this bulletin Sun discusses the TCP-based "SYN flood" denial-
of-service attack. We suggest ways to tune most Solaris/SunOS systems
to make them more resistant, and explain which releases and
configurations stand up best. We also discuss which customers are most
likely to be affected, and the degree to which firewalls and similar
insulating arrangements can protect an enterprise from this attack.
This Bulletin also describes the patches and other changes Sun commits
to making in the future in response to the emergence of such attacks.

This denial-of-service attack, which affects all operating systems
which implement the TCP protocol, has previously been discussed in
CERT(sm) Advisory CA-96.21, issued on 19 September 96. Attacks against
several prominent service providers have been well documented in the
last several weeks in Time magazine, the Wall Street Journal, and many
other national and international periodicals.

I. What has Happened, Who is Affected, What to Do
II. Understanding the Vulnerability
III. Technical Recommendations
IV. Plans and Schedules
APPENDICES
A. Queuing Capacity Vs. Attack Rates
B. How to obtain Sun security patches
C. How to report or inquire about Sun security problems
D. How to obtain Sun security bulletins or short status updates
-----
http://jya.com/sunsyn.txt (48 kb)
ftp://jya.com/pub/incoming/sunsyn.txt
SUN_syn