Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 16 Sep 2014 15:34:25 +0200
From:      n j <nino80@gmail.com>
To:        freebsd-security@freebsd.org
Subject:   Re: FreeBSD Security Advisory FreeBSD-SA-14:19.tcp
Message-ID:  <CALf6cgY7M6cQ%2BODRGhnupz%2BNmM8H5f2CDPpFaiJT4kcQqTE2uw@mail.gmail.com>
In-Reply-To: <201409161014.s8GAE77Z070671@freefall.freebsd.org>
References:  <201409161014.s8GAE77Z070671@freefall.freebsd.org>

next in thread | previous in thread | raw e-mail | index | archive | help
Hi,

On Tue, Sep 16, 2014 at 12:14 PM, FreeBSD Security Advisories <
security-advisories@freebsd.org> wrote:

> IV.  Workaround
>
> It is possible to defend against these attacks with stateful traffic
> inspection using a firewall.  This can be done by enabling pf(4) on
> the system and creating states for every connection.  Even a default
> ruleset to allow all traffic would be sufficient to mitigate this
> issue.
>

Any chance of getting more information in Workaround section? Is the
workaround applicable only to pf or IPFW also helps? Perhaps an example
rule?


> VII. References
>
> <URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0230>;
>

2004? Wow, that's an old one.

Thanks,
-- 
Nino



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CALf6cgY7M6cQ%2BODRGhnupz%2BNmM8H5f2CDPpFaiJT4kcQqTE2uw>