From owner-freebsd-security@FreeBSD.ORG Mon Feb 4 16:48:49 2013 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by hub.freebsd.org (Postfix) with ESMTP id EBFBFBEC; Mon, 4 Feb 2013 16:48:49 +0000 (UTC) (envelope-from fabian@wenks.ch) Received: from batman.home4u.ch (batman.home4u.ch [62.12.173.2]) by mx1.freebsd.org (Postfix) with ESMTP id 54D278D7; Mon, 4 Feb 2013 16:48:48 +0000 (UTC) X-Virus-Scanned: amavisd-new at home4u.ch Received: from flashback.wenks.ch (fabian@flashback.wenks.ch [IPv6:2001:8a8:1005:1:223:dfff:fedf:13c9]) (authenticated bits=0) by batman.home4u.ch (8.14.4/8.14.4) with ESMTP id r14GRGRv063066 (version=TLSv1/SSLv3 cipher=DHE-RSA-CAMELLIA256-SHA bits=256 verify=NO); Mon, 4 Feb 2013 17:27:16 +0100 (CET) (envelope-from fabian@wenks.ch) Message-ID: <510FE164.6070502@wenks.ch> Date: Mon, 04 Feb 2013 17:27:16 +0100 From: Fabian Wenk User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:17.0) Gecko/20130107 Thunderbird/17.0.2 MIME-Version: 1.0 To: freebsd-security@freebsd.org, freebsd-hubs@freebsd.org Subject: Full-Disclosure posting "FreeBSD 9.1 ftpd Remote Denial of Service" Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 04 Feb 2013 16:48:50 -0000 Hello A few days ago there was the posting "FreeBSD 9.1 ftpd Remote Denial of Service" [1] on the Full-Disclosure mailing list. Is this a known issue to the FreeBSD community? [1] http://lists.grok.org.uk/pipermail/full-disclosure/2013-February/089583.html There are also many ftp.*.freebsd.org mirrors listed in the above mention posting, so I also put freebsd-hubs@ into the recipient list. This will probably help, that ftp mirror operators are alerted and can take any action if needed. bye Fabian From owner-freebsd-security@FreeBSD.ORG Mon Feb 4 19:40:09 2013 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.FreeBSD.org [8.8.178.115]) by hub.freebsd.org (Postfix) with ESMTP id 9FD3A170; Mon, 4 Feb 2013 19:40:09 +0000 (UTC) (envelope-from mark@exonetric.com) Received: from relay.exonetric.net (relay0.exonetric.net [178.250.72.161]) by mx1.freebsd.org (Postfix) with ESMTP id 6FD4A8D2; Mon, 4 Feb 2013 19:40:09 +0000 (UTC) Received: from [192.168.0.13] (186.211.187.81.in-addr.arpa [81.187.211.186]) by relay.exonetric.net (Postfix) with ESMTPSA id 5A55A2C8EA; Mon, 4 Feb 2013 19:40:02 +0000 (GMT) Subject: Re: Full-Disclosure posting "FreeBSD 9.1 ftpd Remote Denial of Service" Mime-Version: 1.0 (Apple Message framework v1283) Content-Type: text/plain; charset=us-ascii From: Mark Blackman In-Reply-To: <510FE164.6070502@wenks.ch> Date: Mon, 4 Feb 2013 19:40:01 +0000 Content-Transfer-Encoding: quoted-printable Message-Id: <440A56B8-FA9A-41C4-881E-F454D1B8DE75@exonetric.com> References: <510FE164.6070502@wenks.ch> To: Fabian Wenk X-Mailer: Apple Mail (2.1283) X-Mailman-Approved-At: Mon, 04 Feb 2013 21:01:45 +0000 Cc: freebsd-security@freebsd.org, freebsd-hubs@freebsd.org X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 04 Feb 2013 19:40:09 -0000 On 4 Feb 2013, at 16:27, Fabian Wenk wrote: > Hello >=20 > A few days ago there was the posting "FreeBSD 9.1 ftpd Remote Denial = of Service" [1] on the Full-Disclosure mailing list. Is this a known = issue to the FreeBSD community? >=20 > [1] = http://lists.grok.org.uk/pipermail/full-disclosure/2013-February/089583.ht= ml >=20 > There are also many ftp.*.freebsd.org mirrors listed in the above = mention posting, so I also put freebsd-hubs@ into the recipient list. = This will probably help, that ftp mirror operators are alerted and can = take any action if needed. I wasn't aware of this one, thanks for the heads up here. - Mark= From owner-freebsd-security@FreeBSD.ORG Mon Feb 4 21:29:00 2013 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by hub.freebsd.org (Postfix) with ESMTP id C3A3630D for ; Mon, 4 Feb 2013 21:29:00 +0000 (UTC) (envelope-from never@nevermind.kiev.ua) Received: from mail-vb0-f52.google.com (mail-vb0-f52.google.com [209.85.212.52]) by mx1.freebsd.org (Postfix) with ESMTP id 763EE11E for ; Mon, 4 Feb 2013 21:29:00 +0000 (UTC) Received: by mail-vb0-f52.google.com with SMTP id fa15so4139049vbb.39 for ; Mon, 04 Feb 2013 13:28:53 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:x-received:in-reply-to:references:date:message-id :subject:from:to:cc:content-type:x-gm-message-state; bh=2k2Ulesc4BTTc5LDTTnLI4TMoXJfE3jZuFIaypHmjQo=; b=Epnhh5vh6zmpVUS/sT0WUwmyRdQ9KmvTXrF47FGdfu9BkHmcKd1sk3oXTX97sfHWCC mm4jHLWQ2P157iSRiYq8s9uCFOJ1B+83+u2KyGdjiM0X0rHwy6aNm626Y2P32oMJ7/0R lP9bfylufartiTz10TV/O4PjWtatANlFJJS9egh6nmyrV36jJrtxcruIDooSzrD8h29a c8KhCnhsa06YxZnYy10ZEcOYLUC/uMu0YcMp9iK3PP+2OErqqmEovlpgN03nIcyCUQav fK4A4mT5+dI59JgUl+rQHsPfTRPB976jtWYJH4He7l48WfroBF7H64UjYn7a+fTX82TN cCPw== MIME-Version: 1.0 X-Received: by 10.220.119.200 with SMTP id a8mr24176006vcr.38.1360013333543; Mon, 04 Feb 2013 13:28:53 -0800 (PST) Received: by 10.220.82.7 with HTTP; Mon, 4 Feb 2013 13:28:53 -0800 (PST) In-Reply-To: <510FE164.6070502@wenks.ch> References: <510FE164.6070502@wenks.ch> Date: Mon, 4 Feb 2013 23:28:53 +0200 Message-ID: Subject: Re: Full-Disclosure posting "FreeBSD 9.1 ftpd Remote Denial of Service" From: Alexandr Kovalenko To: Fabian Wenk Content-Type: text/plain; charset=ISO-8859-1 X-Gm-Message-State: ALoCoQlpK4EeGEUV8ddDAA8UN70mjOcv7rV+aaulIMCyxdipWvkN6EnsXFIZ11U/Rp0r7/HDgOTU Cc: freebsd-security@freebsd.org, freebsd-hubs@freebsd.org X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 04 Feb 2013 21:29:00 -0000 On Mon, Feb 4, 2013 at 6:27 PM, Fabian Wenk wrote: > A few days ago there was the posting "FreeBSD 9.1 ftpd Remote Denial of > Service" [1] on the Full-Disclosure mailing list. Is this a known issue to > the FreeBSD community? > > [1] > http://lists.grok.org.uk/pipermail/full-disclosure/2013-February/089583.html > > There are also many ftp.*.freebsd.org mirrors listed in the above mention > posting, so I also put freebsd-hubs@ into the recipient list. This will > probably help, that ftp mirror operators are alerted and can take any action > if needed. I can confirm this is an issue on stable/9 r245742. Though I hardly can call it DoS as normally ftp account is running with well-defined ulimits and proper ftpd usage pattern does not generate much CPU usage, so you can keep limits pretty much low, thus not being affected by so-called "DoS". Nevertheless any ideas on how to fix our glob(3)? Regards, Alexandr. From owner-freebsd-security@FreeBSD.ORG Mon Feb 4 22:01:41 2013 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.FreeBSD.org [8.8.178.115]) by hub.freebsd.org (Postfix) with ESMTP id 3A236425; Mon, 4 Feb 2013 22:01:41 +0000 (UTC) (envelope-from marck@rinet.ru) Received: from woozle.rinet.ru (woozle.rinet.ru [195.54.192.68]) by mx1.freebsd.org (Postfix) with ESMTP id A2D482DB; Mon, 4 Feb 2013 22:01:40 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by woozle.rinet.ru (8.14.5/8.14.5) with ESMTP id r14M1WXV083092; Tue, 5 Feb 2013 02:01:32 +0400 (MSK) (envelope-from marck@rinet.ru) Date: Tue, 5 Feb 2013 02:01:32 +0400 (MSK) From: Dmitry Morozovsky To: Alexandr Kovalenko Subject: Re: Full-Disclosure posting "FreeBSD 9.1 ftpd Remote Denial of Service" In-Reply-To: Message-ID: References: <510FE164.6070502@wenks.ch> User-Agent: Alpine 2.00 (BSF 1167 2008-08-23) X-NCC-RegID: ru.rinet X-OpenPGP-Key-ID: 6B691B03 MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.2.7 (woozle.rinet.ru [0.0.0.0]); Tue, 05 Feb 2013 02:01:32 +0400 (MSK) Cc: freebsd-hubs@freebsd.org, freebsd-security@freebsd.org, Fabian Wenk X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 04 Feb 2013 22:01:41 -0000 On Mon, 4 Feb 2013, Alexandr Kovalenko wrote: > On Mon, Feb 4, 2013 at 6:27 PM, Fabian Wenk wrote: > > A few days ago there was the posting "FreeBSD 9.1 ftpd Remote Denial of > > Service" [1] on the Full-Disclosure mailing list. Is this a known issue to > > the FreeBSD community? > > > > [1] > > http://lists.grok.org.uk/pipermail/full-disclosure/2013-February/089583.html > > > > There are also many ftp.*.freebsd.org mirrors listed in the above mention > > posting, so I also put freebsd-hubs@ into the recipient list. This will > > probably help, that ftp mirror operators are alerted and can take any action > > if needed. > > I can confirm this is an issue on stable/9 r245742. Though I hardly > can call it DoS as normally ftp account is running with well-defined > ulimits and proper ftpd usage pattern does not generate much CPU > usage, so you can keep limits pretty much low, thus not being affected > by so-called "DoS". > > Nevertheless any ideas on how to fix our glob(3)? Not the global fix, but workaround (kinda) for current situation, via dadv: Add to your /etc/login.conf ftp:\ :priority=20:\ :cputime=5: :tc=default: and rebuild yout login.conf database via cap_mkdb /etc/login.conf Than, apply newly create class to anonymous ftp user: pw usermod ftp -L ftp This should not affect regular ftp consumer, as they are hardly comsume host' resources, but will stop malicious anonymous users from eating your CPU resources. -- Sincerely, D.Marck [DM5020, MCK-RIPE, DM3-RIPN] [ FreeBSD committer: marck@FreeBSD.org ] ------------------------------------------------------------------------ *** Dmitry Morozovsky --- D.Marck --- Wild Woozle --- marck@rinet.ru *** ------------------------------------------------------------------------ From owner-freebsd-security@FreeBSD.ORG Tue Feb 5 14:22:33 2013 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.FreeBSD.org [8.8.178.115]) by hub.freebsd.org (Postfix) with ESMTP id AFCD61DF; Tue, 5 Feb 2013 14:22:33 +0000 (UTC) (envelope-from des@des.no) Received: from smtp.des.no (smtp.des.no [194.63.250.102]) by mx1.freebsd.org (Postfix) with ESMTP id 5AA32BED; Tue, 5 Feb 2013 14:22:33 +0000 (UTC) Received: from ds4.des.no (smtp.des.no [194.63.250.102]) by smtp-int.des.no (Postfix) with ESMTP id DC51E6AD3; Tue, 5 Feb 2013 14:22:25 +0000 (UTC) Received: by ds4.des.no (Postfix, from userid 1001) id 93403ADD5; Tue, 5 Feb 2013 15:22:25 +0100 (CET) From: =?utf-8?Q?Dag-Erling_Sm=C3=B8rgrav?= To: Fabian Wenk Subject: Re: Full-Disclosure posting "FreeBSD 9.1 ftpd Remote Denial of Service" References: <510FE164.6070502@wenks.ch> Date: Tue, 05 Feb 2013 15:22:25 +0100 In-Reply-To: <510FE164.6070502@wenks.ch> (Fabian Wenk's message of "Mon, 04 Feb 2013 17:27:16 +0100") Message-ID: <86r4kulu1q.fsf@ds4.des.no> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/23.4 (berkeley-unix) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Cc: freebsd-security@freebsd.org, freebsd-hubs@freebsd.org X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 05 Feb 2013 14:22:33 -0000 Fabian Wenk writes: > A few days ago there was the posting "FreeBSD 9.1 ftpd Remote Denial > of Service" [1] on the Full-Disclosure mailing list. Is this a known > issue to the FreeBSD community? It's an old issue (first reported in 2010) which was fixed in head last December: http://svnweb.freebsd.org/base?view=3Drevision&revision=3D243779 I have no idea why it hasn't been merged. DES --=20 Dag-Erling Sm=C3=B8rgrav - des@des.no From owner-freebsd-security@FreeBSD.ORG Wed Feb 6 16:54:13 2013 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.FreeBSD.org [8.8.178.115]) by hub.freebsd.org (Postfix) with ESMTP id 9CBAFB74 for ; Wed, 6 Feb 2013 16:54:13 +0000 (UTC) (envelope-from andreas@romab.com) Received: from rot13.romab.com (rot13.romab.com [213.115.13.4]) by mx1.freebsd.org (Postfix) with ESMTP id 534A2904 for ; Wed, 6 Feb 2013 16:54:13 +0000 (UTC) Received: by rot13.romab.com (Postfix, from userid 1004) id 41BCB849; Wed, 6 Feb 2013 17:48:23 +0100 (CET) Received: from stiletto.u88.romab.com (localhost [127.0.0.1]) by rot13.romab.com (Postfix) with ESMTP id 2EE74847 for ; Wed, 6 Feb 2013 17:48:23 +0100 (CET) Message-ID: <5112895E.5050506@romab.com> Date: Wed, 06 Feb 2013 17:48:30 +0100 From: Andreas Jonsson User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:17.0) Gecko/20130107 Thunderbird/17.0.2 MIME-Version: 1.0 To: freebsd-security@freebsd.org Subject: FreeBSD 9.1 MAC Multilabel on nullfs X-Enigmail-Version: 1.5 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 06 Feb 2013 16:54:13 -0000 Hi List! Don't see much discussion about MAC here, time to change that! :-) Currently trying to set up a service jail, according to instructions in the handbook[1]. The problem I'm facing is that nullfs does not seem to support multilabeled filesystems, or am i missing something? ls -lZ /usr/js/testjail/var/run/test -rw-r--r-- 1 root wheel biba/equal 0 Feb 6 17:15 /usr/js/testjail/var/run/test Nullfs-mounting it inside the jail: ls -lZ /usr/j/testjail/s/var/run/test -rw-r--r-- 1 root wheel biba/high 0 Feb 6 17:15 /usr/j/testjail/s/var/run/test Currently, it looks like this: /usr/j/mroot on /usr/j/testjail (nullfs, local, nosuid, read-only) /usr/js/testjail on /usr/j/testjail/s (nullfs, local, nosuid) devfs on /usr/j/testjail/dev (devfs, local, multilabel) >From inside the jail, (where this directory is mounted), the following maclabel appears to be the following instead: # ls -lZ /var/run/test -rw-r--r-- 1 root wheel biba/high 0 Feb 6 16:15 /var/run/test Does the list have any suggestions for workarounds? One alternative would be to create a jail without shared root filesystems and skip nullfs, but perhaps there are other tricks i am not aware of? BR Andreas [1]. http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/jails-application.html From owner-freebsd-security@FreeBSD.ORG Thu Feb 7 13:33:30 2013 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.FreeBSD.org [8.8.178.115]) by hub.freebsd.org (Postfix) with ESMTP id 0856EA33 for ; Thu, 7 Feb 2013 13:33:30 +0000 (UTC) (envelope-from mike@sentex.net) Received: from smarthost1.sentex.ca (smarthost1-6.sentex.ca [IPv6:2607:f3e0:0:1::12]) by mx1.freebsd.org (Postfix) with ESMTP id B5642E5E for ; Thu, 7 Feb 2013 13:33:29 +0000 (UTC) Received: from [192.168.43.26] (pyroxene.sentex.ca [199.212.134.18]) by smarthost1.sentex.ca (8.14.5/8.14.5) with ESMTP id r17DXQHv072659 for ; Thu, 7 Feb 2013 08:33:27 -0500 (EST) (envelope-from mike@sentex.net) Message-ID: <5113AD0F.7080909@sentex.net> Date: Thu, 07 Feb 2013 08:33:03 -0500 From: Mike Tancsa Organization: Sentex Communications User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:12.0) Gecko/20120428 Thunderbird/12.0.1 MIME-Version: 1.0 To: "freebsd-security@freebsd.org" Subject: new OpenSSL security issues X-Enigmail-Version: 1.4.2 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-Scanned-By: MIMEDefang 2.72 on 64.7.153.18 X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 07 Feb 2013 13:33:30 -0000 Three of them it seems http://www.openssl.org/news/secadv_20130205.txt -- ------------------- Mike Tancsa, tel +1 519 651 3400 Sentex Communications, mike@sentex.net Providing Internet services since 1994 www.sentex.net Cambridge, Ontario Canada http://www.tancsa.com/ From owner-freebsd-security@FreeBSD.ORG Thu Feb 7 18:24:59 2013 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.FreeBSD.org [8.8.178.115]) by hub.freebsd.org (Postfix) with ESMTP id 60B7C9B6 for ; Thu, 7 Feb 2013 18:24:59 +0000 (UTC) (envelope-from delphij@delphij.net) Received: from anubis.delphij.net (anubis.delphij.net [64.62.153.212]) by mx1.freebsd.org (Postfix) with ESMTP id 500D9304 for ; Thu, 7 Feb 2013 18:24:59 +0000 (UTC) Received: from epsilon.delphij.net (drawbridge.ixsystems.com [206.40.55.65]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by anubis.delphij.net (Postfix) with ESMTPSA id 703811CB20; Thu, 7 Feb 2013 10:24:58 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=delphij.net; s=anubis; t=1360261498; bh=W5Wf10Z4Otdp/fY9RIGYqeq3nOeIQZKN3yrG/3HlLZM=; h=Date:From:Reply-To:To:CC:Subject:References:In-Reply-To; b=x1qbYz9Gl0bT6vzLgsGYtLEGmOLvF1sXdkGpqBlJR91XEOrnMAwbgS6fesFfR3FZ4 BnzmJzJdXjTU0W3TM8Bs97SyN4jc11PNHEnJyr6XoYenqN2kci8WqlGtFiZTCxH1h3 Wa8a9qiHTW6F8tp2d0kHT9Vkk9H/7bVnXtQ4Yt+8= Message-ID: <5113F179.4070503@delphij.net> Date: Thu, 07 Feb 2013 10:24:57 -0800 From: Xin Li Organization: The FreeBSD Project MIME-Version: 1.0 To: Mike Tancsa Subject: Re: new OpenSSL security issues References: <5113AD0F.7080909@sentex.net> In-Reply-To: <5113AD0F.7080909@sentex.net> X-Enigmail-Version: 1.4.6 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Cc: "freebsd-security@freebsd.org" X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list Reply-To: d@delphij.net List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 07 Feb 2013 18:24:59 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi, Mike, On 02/07/13 05:33, Mike Tancsa wrote: > Three of them it seems > > http://www.openssl.org/news/secadv_20130205.txt Thanks, we are aware of this. Jung-uk already have a patchset that is pending review. Note that it seems that the new OpenSSL version have introduced a regression, by the way: http://www.mail-archive.com/openssl-dev@openssl.org/msg32009.html Cheers, - -- Xin LI https://www.delphij.net/ FreeBSD - The Power to Serve! Live free or die -----BEGIN PGP SIGNATURE----- iQEcBAEBCgAGBQJRE/F5AAoJEG80Jeu8UPuzATkH/jojEHZID2IUDTpk45XFxmEJ +yxkY6fKKGyGZWnJlEzlVloP+UHbOe64qj1JbV/izvN4Kz0bhMd1IbDf8FNm0wym Ta94yc5gM2YLCcp6kbbvJci4b+YjRKCEj45hpbJVdY/KiBIfXe01/YFoANGuDDNs 0jgQOXNKnpV5ESv09o1yWeYy9hOThSAMyPMWg0/Eq+Li0t/lmQqJottrkkdkP5jM CXEfHwyW0LrXLC+/tMEaQ54tbozfK2HLw2kI/5p9HXzJtYBV6UVM3YKaSXZSGu/r p6b82tdnyaZb1lBdWEgy74AJ0fye50tHohusqeg6QBznyCAnppyiU5goJfT1oso= =BQiP -----END PGP SIGNATURE----- From owner-freebsd-security@FreeBSD.ORG Fri Feb 8 01:04:03 2013 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by hub.freebsd.org (Postfix) with ESMTP id 60840B0F for ; Fri, 8 Feb 2013 01:04:03 +0000 (UTC) (envelope-from andy@neu.net) Received: from mail.neu.net (neu.net [199.48.129.194]) by mx1.freebsd.org (Postfix) with ESMTP id 0ADFCB0D for ; Fri, 8 Feb 2013 01:04:02 +0000 (UTC) Received: from neu.net (neu.net [199.48.129.194]) by mail.neu.net (8.14.6/8.14.5) with ESMTP id r18141xH030841 for ; Thu, 7 Feb 2013 20:04:01 -0500 (EST) (envelope-from andy@neu.net) Date: Thu, 7 Feb 2013 20:04:01 -0500 (EST) From: AN To: freebsd-security@freebsd.org Subject: FYI - OpenSSL Security Advisory [05 Feb 2013] Message-ID: User-Agent: Alpine 2.00 (BSF 1167 2008-08-23) MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed X-Virus-Scanned: clamav-milter 0.97.6 at my.mail.server X-Virus-Status: Clean X-Spam-Status: No, score=0.0 required=4.5 tests=RP_MATCHES_RCVD autolearn=unavailable version=3.3.2 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on mail.neu.net X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 08 Feb 2013 01:04:03 -0000 SSL, TLS and DTLS Plaintext Recovery Attack (CVE-2013-0169) http://www.mail-archive.com/openssl-announce@openssl.org/msg00124.html http://www.isg.rhul.ac.uk/tls/ From owner-freebsd-security@FreeBSD.ORG Sat Feb 9 23:31:01 2013 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.FreeBSD.org [8.8.178.115]) by hub.freebsd.org (Postfix) with ESMTP id 8E70E7EB; Sat, 9 Feb 2013 23:31:01 +0000 (UTC) (envelope-from jim.howlett@outlook.com) Received: from snt0-omc3-s17.snt0.hotmail.com (snt0-omc3-s17.snt0.hotmail.com [65.55.90.156]) by mx1.freebsd.org (Postfix) with ESMTP id 6D05AD8C; Sat, 9 Feb 2013 23:31:01 +0000 (UTC) Received: from SNT002-W152 ([65.55.90.136]) by snt0-omc3-s17.snt0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4675); Sat, 9 Feb 2013 15:29:55 -0800 X-EIP: [UBAc5h3xwGTaxJiNxvCMtDicEcioJfja] X-Originating-Email: [jim.howlett@outlook.com] Message-ID: From: James Howlett To: "freebsd-security@freebsd.org" , "freebsd-isp@freebsd.org" Subject: FreeBSD DDoS protection Date: Sun, 10 Feb 2013 00:29:55 +0100 Importance: Normal MIME-Version: 1.0 X-OriginalArrivalTime: 09 Feb 2013 23:29:55.0611 (UTC) FILETIME=[5E3216B0:01CE071D] Content-Type: text/plain; charset="iso-8859-2" Content-Transfer-Encoding: quoted-printable X-Content-Filtered-By: Mailman/MimeDel 2.1.14 X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 09 Feb 2013 23:31:01 -0000 Hi=2C I have a router running BGP and OSPF (bird) on FreeBSD. Are there any best practises one can take in order to protect the network f= rom DDoS attacks. I know this isn't easy. But I would like to secure my network as much as po= ssible. Even if I'am not able to prevent or block a ddos I would like to get some i= nfo (snmp trap parhaps) regarding the attack. Then I can contact my ISP or install an ACL on my router. Any help would be great. All best=2C jim =