From owner-freebsd-net  Mon Feb 25  0: 2: 5 2002
Delivered-To: freebsd-net@freebsd.org
Received: from whale.sunbay.crimea.ua (whale.sunbay.crimea.ua [212.110.138.65])
	by hub.freebsd.org (Postfix) with ESMTP
	id D16BE37B402; Mon, 25 Feb 2002 00:01:58 -0800 (PST)
Received: (from ru@localhost)
	by whale.sunbay.crimea.ua (8.11.6/8.11.2) id g1P81EJ29324;
	Mon, 25 Feb 2002 10:01:14 +0200 (EET)
	(envelope-from ru)
Date: Mon, 25 Feb 2002 10:01:14 +0200
From: Ruslan Ermilov <ru@FreeBSD.ORG>
To: cjclark@alum.mit.edu
Cc: Maxim Konovalov <maxim@macomnet.ru>, net@FreeBSD.ORG,
	Robert Watson <rwatson@FreeBSD.ORG>
Subject: Re: TCP Connections to a Broadcast Address
Message-ID: <20020225080114.GA28900@sunbay.com>
References: <20020223042828.E16048@blossom.cjclark.org> <20020223154842.G31228-100000@news1.macomnet.ru> <20020224084921.GC31243@sunbay.com> <20020224102746.Q16048@blossom.cjclark.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20020224102746.Q16048@blossom.cjclark.org>
User-Agent: Mutt/1.3.27i
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-net.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-net>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-net>
X-Loop: FreeBSD.org

On Sun, Feb 24, 2002 at 10:27:46AM -0800, Crist J. Clark wrote:
> On Sun, Feb 24, 2002 at 10:49:21AM +0200, Ruslan Ermilov wrote:
> > On Sat, Feb 23, 2002 at 03:49:55PM +0300, Maxim Konovalov wrote:
> > > On 04:28-0800, Feb 23, 2002, Crist J. Clark wrote:
> > > 
> > > > On Sat, Feb 23, 2002 at 01:50:33PM +0200, Ruslan Ermilov wrote:
> > > > [snip]
> > > >
> > > > > Nice catch!
> > > >
> > > > Igor M Podlesny <poige@morning.ru>, PR misc/35022, caught it. I just
> > > > analyzed it.
> > > 
> > > Isn't kern/19722 about the same bug?
> > > 
> > Yes.
> 
> I think there are some different issues raised in this PR too. Like
> the discussion in another part of this thread, PR 19722 states that
> you can reach the broadcast address of interfaces other than the one
> to which the attacker is directly attached. I have not been able to
> reproduce this. I think it was fixed by revision 1.181 of ip_input.c.
> 
Nope, in revision 1.158.  1.181 only added hashed search optimizations.


Cheers,
-- 
Ruslan Ermilov		Sysadmin and DBA,
ru@sunbay.com		Sunbay Software AG,
ru@FreeBSD.org		FreeBSD committer,
+380.652.512.251	Simferopol, Ukraine

http://www.FreeBSD.org	The Power To Serve
http://www.oracle.com	Enabling The Information Age

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message