From owner-freebsd-security Thu Jan 20 16:51:58 2000 Delivered-To: freebsd-security@freebsd.org Received: from lariat.lariat.org (lariat.lariat.org [206.100.185.2]) by hub.freebsd.org (Postfix) with ESMTP id 5ADBB154DE; Thu, 20 Jan 2000 16:51:49 -0800 (PST) (envelope-from brett@lariat.org) Received: from workhorse (IDENT:ppp0.lariat.org@lariat.lariat.org [206.100.185.2]) by lariat.lariat.org (8.9.3/8.9.3) with ESMTP id RAA11524; Thu, 20 Jan 2000 17:51:21 -0700 (MST) Message-Id: <4.2.2.20000120174826.01882ad0@localhost> X-Sender: brett@localhost X-Mailer: QUALCOMM Windows Eudora Pro Version 4.2.2 Date: Thu, 20 Jan 2000 17:51:19 -0700 To: Darren Reed , imp@village.org (Warner Losh) From: Brett Glass Subject: Re: bugtraq posts: stream.c - new FreeBSD exploit? Cc: jamiE@arpa.com (jamiE rishaw - master e*tard), tom@uniserve.com (Tom), mike@sentex.net (Mike Tancsa), freebsd-security@FreeBSD.ORG, freebsd-stable@FreeBSD.ORG, security-officer@FreeBSD.ORG In-Reply-To: <200001210040.LAA14428@cairo.anu.edu.au> References: <200001210034.RAA06762@harmony.village.org> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Darren: Glad to see you are in on this discussion. The code you use for the "keep state" option in IPFilters might be able to recognize that the ACK does not belong to an existing connection. Could a fast check be implemented as a rule under IPFilters? (If it could, it's probably a one-liner, but I'd need to figure out how to write it since I do not deal with IPFilters on a regular basis.) If not, it seems as if the framework might mostly be in place in your code. --Brett At 05:40 PM 1/20/2000 , Darren Reed wrote: >What versions of FreeBSD are known to be vulnerable to it ? > >There appears to be some confusion about whether or not it is a wide >spread problem. > >Darren To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message