From owner-freebsd-hackers Sat Nov 29 10:20:37 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.7/8.8.7) id KAA12418 for hackers-outgoing; Sat, 29 Nov 1997 10:20:37 -0800 (PST) (envelope-from owner-freebsd-hackers) Received: from misery.sdf.com (misery.sdf.com [204.244.210.193]) by hub.freebsd.org (8.8.7/8.8.7) with SMTP id KAA12406 for ; Sat, 29 Nov 1997 10:20:31 -0800 (PST) (envelope-from tom@sdf.com) Received: from tom by misery.sdf.com with smtp (Exim 1.73 #1) id 0xbqt2-0001Fp-00; Sat, 29 Nov 1997 09:41:00 -0800 Date: Sat, 29 Nov 1997 09:40:53 -0800 (PST) From: Tom To: Alex cc: "Daniel J. O'Connor" , Daniel Leeds , hackers@freebsd.org Subject: Re: land patch? In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-hackers@freebsd.org X-Loop: FreeBSD.org Precedence: bulk On Sat, 29 Nov 1997, Alex wrote: > On Sat, 29 Nov 1997, Daniel J. O'Connor wrote: > > > > is there a patch for freebsd 2.2.5 to defeat the land attack? > > > is it just one file in the kernel source tree that needs to be > > > rebuilt with the newest code? > > I tried this on my 2.2.2 machine, and it survived with no problems! :) > > Ditto for teardrop. > > According to someone on BugTraq, a bug was "fixed" with the tcp-stack > after 2.2.2, that makes 2.2.5 machines vunerable to these attacks. > Patches should have already been checked into the source tree, and can be > retreived via cvsup or ctm (see the handbook > http://www.freebsd.org/handbook). However, it is very unclear what the effect of the this bug was. land.c certainly doesn't seem to hang FreeBSD, but it does mess with the stack a bit. Using tcpdump on an old FreeBSD system, the land.c seems to cause a packet to repeat over and over again. It seems to eat up some CPU, and some buffer space. > - alex Tom