Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 20 Jan 2000 17:51:19 -0700
From:      Brett Glass <brett@lariat.org>
To:        Darren Reed <avalon@coombs.anu.edu.au>, imp@village.org (Warner Losh)
Cc:        jamiE@arpa.com (jamiE rishaw - master e*tard), tom@uniserve.com (Tom), mike@sentex.net (Mike Tancsa), freebsd-security@FreeBSD.ORG, freebsd-stable@FreeBSD.ORG, security-officer@FreeBSD.ORG
Subject:   Re: bugtraq posts: stream.c - new FreeBSD exploit?
Message-ID:  <4.2.2.20000120174826.01882ad0@localhost>
In-Reply-To: <200001210040.LAA14428@cairo.anu.edu.au>
References:  <200001210034.RAA06762@harmony.village.org>

next in thread | previous in thread | raw e-mail | index | archive | help
Darren:

Glad to see you are in on this discussion.

The code you use for the "keep state" option in IPFilters might be
able to recognize that the ACK does not belong to an existing
connection. Could a fast check be implemented as a rule under 
IPFilters? (If it could, it's probably a one-liner, but I'd need
to figure out how to write it since I do not deal with IPFilters
on a regular basis.) If not, it seems as if the framework might
mostly be in place in your code.

--Brett

At 05:40 PM 1/20/2000 , Darren Reed wrote:
   

>What versions of FreeBSD are known to be vulnerable to it ?
>
>There appears to be some confusion about whether or not it is a wide
>spread problem.
>
>Darren



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4.2.2.20000120174826.01882ad0>