> Where? Is it a lwip bug? is it already solved in current cvs? (i'm
> using last 1.3.0 release)
Yes it was a bug in LwIP. See:
http://savannah.nongnu.org/bugs/index.php?24596
i suppose i have to spent some time to align my code to current cvs... or waiting 1.3.1 release!
> which tool i can use to simulate a flood attack
and debug the driver
> and the stack?
A good starting point would be nessus, which already
covers a huge load of vulnerability tests.
Other name-droppings would include:
- metasploit
- isic, ipload
- ettercap
... lots of others and basically everything from http://sectools.org/
:o)
thanks... i have just downloaded nessus... and thanks for the site!
> yes... i want to filer in the driver, not in lwip.. and i know...
it
> is not a definitive solution, but can mitigate the problem.
Still a SYN-Flood will create a lot of load and starve
resources. On an embedded device this can make the device unusable. Nothing
mitigated there.
i agree with you... but i have to try to do something...
> yes.... i said the same thing to our marketing....
"put the device
> behind a firewall!!".... but the answer was... security features
> inside the device are good marketing arguments.... :O|
Is it? Does marketing and customers care about security
features or just about the Sticker that says "super-secure inside"?
... the second you said, of course! I think if a customer realy care about security, he will use a firewall!!