Date: Thu, 20 Jan 2000 18:00:33 -0700
From: Brett Glass <brett@lariat.org>
To: Warner Losh <imp@village.org>
Cc: jamiE rishaw - master e*tard <jamiE@arpa.com>, Tom <tom@uniserve.com>, Mike Tancsa <mike@sentex.net>, freebsd-security@FreeBSD.ORG, freebsd-stable@FreeBSD.ORG, security-officer@FreeBSD.ORG
Subject: Re: bugtraq posts: stream.c - new FreeBSD exploit?
Message-ID: <4.2.2.20000120175659.0167ce60@localhost>
In-Reply-To: <4.2.2.20000120173540.01a26100@localhost>
References: <200001210034.RAA06762@harmony.village.org> <Your message of "Thu, 20 Jan 2000 17:32:03 MST." <4.2.2.20000120172607.0198f1e0@localhost> <4.2.2.20000120172607.0198f1e0@localhost> <Pine.BSF.4.02A.10001201232520.26367-100000@shell.uniserve.ca> <3.0.5.32.20000120152818.01d7fa40@staff.sentex.ca> <Pine.BSF.4.02A.10001201232520.26367-100000@shell.uniserve.ca>

Oops.... I've answered my own question. IPFW's "established" keyword only checks the RST or ACK bits; it can't tell if a session is REALLY established or not. Only a firewall that can save state (such as IPFilters), or the kernel itself, can do this.

It'd be neat if we could use IPFilters to do a temporary fix for this, because it'd nuke the problem on several OSes at once -- including all of the BSDs. (They all just happen to come with IPFilters out of the box now.) This way, when the skript kiddies reading Bugtraq start trying this, there will be an immediate defense.

--Brett
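
The difference described in the message above, as an added example that is not part of the original e-mail and is neither IPFW nor IPFilter code: a flag-only "established" test next to a toy connection tracker, both run over a constructed packet trace. The class and function names, the addresses and the simplified state machine (no sequence-number checks) are assumptions for illustration.

```python
FIN, SYN, RST, PSH, ACK = 0x01, 0x02, 0x04, 0x08, 0x10  # TCP header flag bits

def flag_only_established(flags):
    """Stateless match as described in the message: RST or ACK bit set."""
    return bool(flags & (RST | ACK))

class ConnTracker:
    """Toy state table (hypothetical): follows the three-way handshake per client."""
    def __init__(self):
        self.state = {}  # client (ip, port) -> SYN_RCVD | SYN_ACK_SENT | ESTABLISHED

    def outbound(self, client, flags):
        # The server's SYN+ACK only counts if we saw that client's SYN first.
        if flags == (SYN | ACK) and self.state.get(client) == "SYN_RCVD":
            self.state[client] = "SYN_ACK_SENT"

    def inbound_established(self, client, flags):
        st = self.state.get(client)
        if flags == SYN and st is None:
            self.state[client] = "SYN_RCVD"   # new attempt, not yet established
            return False
        if st == "SYN_ACK_SENT" and flags & ACK and not flags & SYN:
            self.state[client] = st = "ESTABLISHED"  # handshake completed
        if st != "ESTABLISHED":
            return False                      # no tracked session: reject
        if flags & RST:
            del self.state[client]            # session torn down
        return True

# Constructed trace: A completes a handshake, B sends ACK/RST with no session.
A, B = ("198.51.100.7", 40000), ("203.0.113.9", 1234)
TRACE = [("in", A, SYN), ("out", A, SYN | ACK), ("in", A, ACK),
         ("in", A, PSH | ACK), ("in", B, ACK), ("in", B, ACK), ("in", B, RST)]

def compare(trace):
    """Return (client, flags, stateless verdict, stateful verdict) per inbound packet."""
    tracker, rows = ConnTracker(), []
    for direction, client, flags in trace:
        if direction == "out":
            tracker.outbound(client, flags)
            continue
        rows.append((client, flags, flag_only_established(flags),
                     tracker.inbound_established(client, flags)))
    return rows

if __name__ == "__main__":
    for client, flags, stateless, stateful in compare(TRACE):
        print(f"{client[0]:<14} flags=0x{flags:02x} "
              f"flag-only={stateless!s:<5} tracked={stateful}")
```

The two verdicts agree for client A and diverge on every packet from B, which is the gap the message attributes to the "established" keyword.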