From owner-freebsd-ipfw@FreeBSD.ORG  Wed Apr 14 06:09:16 2004
Return-Path: <owner-freebsd-ipfw@FreeBSD.ORG>
Delivered-To: freebsd-ipfw@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 47FE016A4CE
	for <freebsd-ipfw@freebsd.org>; Wed, 14 Apr 2004 06:09:16 -0700 (PDT)
Received: from pitt.sitel.com.ua (pitt.sitel.com.ua [217.27.144.5])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 2631543D39
	for <freebsd-ipfw@freebsd.org>; Wed, 14 Apr 2004 06:09:14 -0700 (PDT)
	(envelope-from sd@buc.com.ua)
Received: from arrow.buc.com.ua (arrow.sitel.com.ua [217.27.145.61])
	by pitt.sitel.com.ua (8.12.9p2/8.12.9) with ESMTP id i3ED91Sr088933;
	Wed, 14 Apr 2004 16:09:03 +0300 (EEST)
	(envelope-from sd@buc.com.ua)
Received: by arrow.buc.com.ua (Postfix, from userid 1002)
	id 7840090058; Wed, 14 Apr 2004 16:08:28 +0000 (GMT)
Received: from buc.com.ua (unknown [192.168.13.97])
	by arrow.buc.com.ua (Postfix) with ESMTP
	id 5C42590053; Wed, 14 Apr 2004 16:08:28 +0000 (GMT)
Message-ID: <407D6210.1070202@buc.com.ua>
Date: Wed, 14 Apr 2004 16:08:48 +0000
From: Dmitry Surovtsev <sd@buc.com.ua>
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.0) Gecko/20020610
X-Accept-Language: ru, uk, en-us, en
MIME-Version: 1.0
To: "Devon H. O'Dell" <dodell@offmyserver.com>
References: <200403171648.i2HGmWwS015144@freefall.freebsd.org>
	<407D1E4F.4000500@buc.com.ua> <407D1F3A.6070607@offmyserver.com>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
cc: freebsd-ipfw@freebsd.org
Subject: Re: IPFW ECE Firewall Bypassing Exploit
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
Reply-To: sd@buc.com.ua
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 14 Apr 2004 13:09:16 -0000

Thanks,
that's right, ouhh ;-)

i do not know why securiteam.com/ dated it _14 Apr 2004_.

Devon H. O'Dell wrote:

> Dmitry Surovtsev wrote:
>
>> securiteam news (http://www.securiteam.com/exploits/5CP0B0UCKU.html):
>>
>> A vulnerability in FreeBSD's implementation of packet filtering for IPv4
>> and IPv6 has been found. The vulnerability allows specially crafted
>> packets that are not part of an established connection to go through the
>> firewall. These special packets must have the ECE flag set, which is in
>> the TCP reserved options field.
>>
>>  [snip]
>
>
> Hello Dmitry,
>
> This bug was fixed circa three years ago. Please see the date on the 
> exploit.
>
> Kind regards,
>
> Devon H. O'Dell
>
>