From owner-freebsd-audit Mon Dec 6 7:57:41 1999
Delivered-To: freebsd-audit@freebsd.org
Received: from smtp.manhattanprojects.com (smtp.manhattanprojects.com [207.181.119.22])
	by hub.freebsd.org (Postfix) with ESMTP id 5D48315319;
	Mon, 6 Dec 1999 07:57:38 -0800 (PST)
	(envelope-from gerald@manhattanprojects.com)
Received: from manhattanprojects.com (xs.lab.glc.com [10.0.0.14])
	by smtp.manhattanprojects.com (8.9.1/8.8.7) with ESMTP id KAA27333;
	Mon, 6 Dec 1999 10:49:16 -0500 (EST)
	(envelope-from gerald@manhattanprojects.com)
Message-ID: <384BDCF0.7CA47AA8@manhattanprojects.com>
Date: Mon, 06 Dec 1999 10:57:36 -0500
From: Gerald Abshez
X-Mailer: Mozilla 4.05 [en] (X11; I; FreeBSD 2.2.5-RELEASE i386)
MIME-Version: 1.0
To: Kris Kennaway
Cc: audit@FreeBSD.ORG
Subject: Re: arp.c patch
References:
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-audit@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Kris Kennaway wrote:
>
> This one isn't likely exploitable, but it's still a small buffer overflow.
> arp looks okay apart from this.

Hmmm. A while back, a friend and I were discussing firewalling and arp.
It seems that arp accepted packets from anywhere. This was a problem, as
my friend had a firewall, and someone had (improperly) hooked up a machine
with an IP on the public side of the internet that corresponded with a
machine on the private net. The firewall would simply move the address
back and forth between the various interfaces.

The traffic wouldn't go out, since it was blocked by the firewall, but I
did think that this was an issue. (It's a DoS attack.)

I'm not sure that this has been addressed, and I thought I'd mention it
since your patch reminded me of it.

Gerald.
--
This is your FreeBSD -- Where do YOU want to go tomorrow?