From owner-freebsd-net  Sun Feb 24 10:27:51 2002
Delivered-To: freebsd-net@freebsd.org
Received: from rwcrmhc52.attbi.com (rwcrmhc52.attbi.com [216.148.227.88])
	by hub.freebsd.org (Postfix) with ESMTP
	id 5499837B402; Sun, 24 Feb 2002 10:27:48 -0800 (PST)
Received: from blossom.cjclark.org ([12.234.91.48]) by rwcrmhc52.attbi.com
          (InterMail vM.4.01.03.27 201-229-121-127-20010626) with ESMTP
          id <20020224182747.YVKE1147.rwcrmhc52.attbi.com@blossom.cjclark.org>;
          Sun, 24 Feb 2002 18:27:47 +0000
Received: (from cjc@localhost)
	by blossom.cjclark.org (8.11.6/8.11.6) id g1OIRkb33740;
	Sun, 24 Feb 2002 10:27:46 -0800 (PST)
	(envelope-from cjc)
Date: Sun, 24 Feb 2002 10:27:46 -0800
From: "Crist J. Clark" <crist.clark@attbi.com>
To: Ruslan Ermilov <ru@FreeBSD.ORG>
Cc: Maxim Konovalov <maxim@macomnet.ru>, net@FreeBSD.ORG,
	Robert Watson <rwatson@FreeBSD.ORG>
Subject: Re: TCP Connections to a Broadcast Address
Message-ID: <20020224102746.Q16048@blossom.cjclark.org>
Reply-To: cjclark@alum.mit.edu
References: <20020223042828.E16048@blossom.cjclark.org> <20020223154842.G31228-100000@news1.macomnet.ru> <20020224084921.GC31243@sunbay.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <20020224084921.GC31243@sunbay.com>; from ru@FreeBSD.ORG on Sun, Feb 24, 2002 at 10:49:21AM +0200
X-URL: http://people.freebsd.org/~cjc/
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-net.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-net>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-net>
X-Loop: FreeBSD.org

On Sun, Feb 24, 2002 at 10:49:21AM +0200, Ruslan Ermilov wrote:
> On Sat, Feb 23, 2002 at 03:49:55PM +0300, Maxim Konovalov wrote:
> > On 04:28-0800, Feb 23, 2002, Crist J. Clark wrote:
> > 
> > > On Sat, Feb 23, 2002 at 01:50:33PM +0200, Ruslan Ermilov wrote:
> > > [snip]
> > >
> > > > Nice catch!
> > >
> > > Igor M Podlesny <poige@morning.ru>, PR misc/35022, caught it. I just
> > > analyzed it.
> > 
> > Isn't kern/19722 about the same bug?
> > 
> Yes.

I think there are some different issues raised in this PR too. Like
the discussion in another part of this thread, PR 19722 states that
you can reach the broadcast address of interfaces other than the one
to which the attacker is directly attached. I have not been able to
reproduce this. I think it was fixed by revision 1.181 of ip_input.c.
-- 
Crist J. Clark                     |     cjclark@alum.mit.edu
                                   |     cjclark@jhu.edu
http://people.freebsd.org/~cjc/    |     cjc@freebsd.org

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message