Date:      Fri, 21 Jan 2000 09:43:34 -0700 (MST)
From:      David G Andersen <danderse@cs.utah.edu>
To:        brett@lariat.org (Brett Glass)
Cc:        rbezuide@oskar.dev.nanoteq.co.za (Reinier Bezuidenhout), robinson@netrinsics.com (Michael Robinson), freebsd-security@FreeBSD.ORG
Subject:   Re: stream.c workaround clarification
Message-ID:  <200001211643.JAA02231@faith.cs.utah.edu>
In-Reply-To: <4.2.2.20000121093753.01a51ba0@localhost> from "Brett Glass" at Jan 21, 2000 09:40:50 AM

Lo and behold, Brett Glass once said:
> 
> At 02:46 AM 1/21/2000 , Reinier Bezuidenhout wrote:
>    
> >Hi ..
> >
> >Are there any similar rules in IPFW that simulate this ??
> 
> As I suspected, this is going to be the number one FAQ about
> this 'sploit.
> 
> No, IPFW can't do it without assistance from another program,
> which has not yet been written. 

  And which I'd wager you won't want to do.  The overhead of pushing the
acks into usermode will clobber you just as badly.  Using divert sockets
like that is not particularly efficient, unless something major has
changed between 3 and 4.

   -Dave

-- 
work: dga@lcs.mit.edu                          me:  dga@pobox.com
      MIT Laboratory for Computer Science           http://www.angio.net/

