From owner-freebsd-questions@FreeBSD.ORG Tue Apr 20 13:24:30 2004 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 843ED16A4CF for ; Tue, 20 Apr 2004 13:24:30 -0700 (PDT) Received: from smtp.infracaninophile.co.uk (happy-idiot-talk.infracaninophile.co.uk [81.2.69.218]) by mx1.FreeBSD.org (Postfix) with ESMTP id BEF6A43D60 for ; Tue, 20 Apr 2004 13:24:29 -0700 (PDT) (envelope-from m.seaman@infracaninophile.co.uk) Received: from happy-idiot-talk.infracaninophile.co.uk (localhost.infracaninophile.co.uk [IPv6:::1])i3KKOJAe036427 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Tue, 20 Apr 2004 21:24:19 +0100 (BST) (envelope-from matthew@happy-idiot-talk.infracaninophile.co.uk) Received: (from matthew@localhost)id i3KKOJeT036426; Tue, 20 Apr 2004 21:24:19 +0100 (BST) (envelope-from matthew) Date: Tue, 20 Apr 2004 21:24:19 +0100 From: Matthew Seaman To: Aaron Sloan Message-ID: <20040420202419.GC35510@happy-idiot-talk.infracaninophile.co.uk> Mail-Followup-To: Matthew Seaman , Aaron Sloan , freebsd-questions@freebsd.org References: <1082472751.42726.1.camel@slick.slickhome.net> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="Sr1nOIr3CvdE5hEN" Content-Disposition: inline In-Reply-To: <1082472751.42726.1.camel@slick.slickhome.net> User-Agent: Mutt/1.5.6i X-Virus-Scanned: clamd / ClamAV version devel-20040420, clamav-milter version 0.70k X-Spam-Status: No, hits=-4.8 required=5.0 tests=AWL,BAYES_00 autolearn=ham version=2.63 X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on happy-idiot-talk.infracaninophile.co.uk cc: freebsd-questions@freebsd.org Subject: Re: tcp vulnerablity and freebsd? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 20 Apr 2004 20:24:30 -0000 --Sr1nOIr3CvdE5hEN Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Tue, Apr 20, 2004 at 02:53:46PM +0000, Aaron Sloan wrote: > Is the TCP vulnerability something to worry about in Freebsd? >=20 > http://www.osvdb.org/displayvuln.php?osvdb_id=3D4030 Nothing has been announced -- it's a matter under discussion on the freebsd-security@ list right now, so the Security Team certainly knows about the problem. However an educated guess would be that since 'Nokia IPSO' products are vulnerable, other BSD derived systems probably are as well. Note that this attack seems to apply to the majority of pieces of kit capable of emitting TCP/IP traffic, so even if your FreeBSD kit gets fixed in short order, you'll probably still be vulnerable to attacks against your ISP or intermediate systems between you and the sites you want to communicate with. Very bad news that this was broken to the public before all the vendors had a chance to put fixes in place. Cheers, Matthew --=20 Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks Savill Way PGP: http://www.infracaninophile.co.uk/pgpkey Marlow Tel: +44 1628 476614 Bucks., SL7 1TH UK --Sr1nOIr3CvdE5hEN Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (FreeBSD) iD8DBQFAhYbzdtESqEQa7a0RAn5vAJ9TJvnOJ5h2Jy3FmPcmjtvF/8z7OACfaEum 55nfC7YW6wCmXBfIzYxrK5I= =aD/x -----END PGP SIGNATURE----- --Sr1nOIr3CvdE5hEN--