Date:      Thu, 27 Jan 2000 22:13:10 -0800 (PST)
From:      Warner Losh <imp@FreeBSD.org>
To:        cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject:   cvs commit: src/sys/alpha/conf GENERIC src/sys/i386/conf GENERIC src/sys/netinet ip_icmp.c tcp_input.c
Message-ID:  <200001280613.WAA31303@freefall.freebsd.org>

imp         2000/01/27 22:13:10 PST

  Modified files:
    sys/alpha/conf       GENERIC 
    sys/i386/conf        GENERIC 
    sys/netinet          ip_icmp.c tcp_input.c 
  Log:
  Mitigate the stream.c attacks
  
  o Drop all broadcast and multicast source addresses in tcp_input.
  o Enable ICMP_BANDLIM in GENERIC.
  o Change default to 200/s from 100/s.  This will still stop the attack, but
    is conservative enough to do this close to code freeze.
  
  This is not the optimal patch for the problem, but is likely the least
  intrusive patch that can be made for this.
  
  Obtained from: Don Lewis and Matt Dillon.
  Reviewed by: freebsd-security
  
  Revision  Changes    Path
  1.67      +2 -1      src/sys/alpha/conf/GENERIC
  1.238     +2 -1      src/sys/i386/conf/GENERIC
  1.39      +2 -2      src/sys/netinet/ip_icmp.c
  1.105     +33 -17    src/sys/netinet/tcp_input.c



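The two mitigations named in the log above (refusing TCP segments whose source address is broadcast or multicast, and a per-second cap on responses at the log's 200/s), sketched in C as an added example; this is not the code from this commit or from FreeBSD. The struct and function names, the fixed one-second window, the local interface list used for the directed-broadcast test, and the premise that the segment would otherwise draw a response are all assumptions for illustration.

```c
#include <stdbool.h>
#include <stdint.h>

/* Illustrative types, not FreeBSD kernel structures. Addresses are host-order IPv4. */
struct ifnet4 { uint32_t addr, mask; };
struct resp_limit { int64_t window; unsigned sent, per_sec; };
enum verdict { DROP_BAD_SOURCE, RESPOND, DROP_RATE_LIMITED };

static bool src_is_multicast(uint32_t a) {
    return (a & 0xf0000000u) == 0xe0000000u;           /* 224.0.0.0/4 */
}

static bool src_is_broadcast(uint32_t a, const struct ifnet4 *ifs, int n) {
    if (a == 0xffffffffu)                               /* 255.255.255.255 */
        return true;
    for (int i = 0; i < n; i++)                         /* directed broadcast of a local net */
        if (ifs[i].mask != 0xffffffffu && a == (ifs[i].addr | ~ifs[i].mask))
            return true;
    return false;
}

/* Fixed one-second window (assumed design): at most per_sec responses per second. */
static bool limit_allows(struct resp_limit *l, int64_t now_sec) {
    if (now_sec != l->window) { l->window = now_sec; l->sent = 0; }
    if (l->sent >= l->per_sec)
        return false;
    l->sent++;
    return true;
}

/* Verdict for a segment that would otherwise draw a response (assumed scenario). */
enum verdict classify(uint32_t src, int64_t now_sec, struct resp_limit *l,
                      const struct ifnet4 *ifs, int n) {
    if (src_is_multicast(src) || src_is_broadcast(src, ifs, n))
        return DROP_BAD_SOURCE;                         /* dropped before the limiter is charged */
    return limit_allows(l, now_sec) ? RESPOND : DROP_RATE_LIMITED;
}

/* Responses sent for `count` segments from `src` all arriving within second `now_sec`. */
unsigned responses_for_burst(uint32_t src, unsigned count, int64_t now_sec,
                             struct resp_limit *l, const struct ifnet4 *ifs, int n) {
    unsigned sent = 0;
    for (unsigned i = 0; i < count; i++)
        if (classify(src, now_sec, l, ifs, n) == RESPOND)
            sent++;
    return sent;
}
```

With `per_sec` set to 200, a burst of any size inside one second yields at most 200 responses, and segments with a broadcast or multicast source never consume that budget.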



