From owner-freebsd-security  Thu Oct 17 12:35:30 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id C0D6737B401
	for <freebsd-security@FreeBSD.ORG>; Thu, 17 Oct 2002 12:35:28 -0700 (PDT)
Received: from fubar.adept.org (fubar.adept.org [63.147.172.249])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 744B443E3B
	for <freebsd-security@FreeBSD.ORG>; Thu, 17 Oct 2002 12:35:28 -0700 (PDT)
	(envelope-from mike@adept.org)
Received: by fubar.adept.org (Postfix, from userid 1001)
	id 13D4915314; Thu, 17 Oct 2002 12:35:12 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1])
	by fubar.adept.org (Postfix) with ESMTP
	id 119341530F; Thu, 17 Oct 2002 12:35:12 -0700 (PDT)
Date: Thu, 17 Oct 2002 12:35:12 -0700 (PDT)
From: Mike Hoskins <mike@adept.org>
To: David Schultz <dschultz@uclink.Berkeley.EDU>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: CERT VU#539363
In-Reply-To: <20021017115233.GA10789@HAL9000.homeunix.com>
Message-ID: <20021017122854.G6449-100000@fubar.adept.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

On Thu, 17 Oct 2002, David Schultz wrote:
> I just read the latter advisory you referred to.  It appears to be
> based on the paper by Stephen Gill that it cites, and the author
> of the advisory doesn't seem to realize that the described
> vulnerabilities aren't new or recently discovered.

Yes, they've existed as long as state tables have.

> variants.  That said, I still find the problem of intelligently
> managing firewall state very interesting.

That was my primary reason for bringing this to -security.  (The second
being to see if we had a readied response.)  I knew the issues discussed
were nothing knew, as I think anyone running stateful firewalls has known
for quite some time...  I just wanted to see official opinion about our
implementation.

> [1]  Paxson, V.  Bro: A System for Detecting Network Intruders in
>      Real-Time.  Berkeley, 1999.  ftp://ftp.ee.lbl.gov/papers/bro-CN99.ps.gz

Ahh, the alma matter.  Touche, I'm reading it now.  ;)


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message