Date: Fri, 1 Jul 2005 13:15:07 +0200
From: "Simon L. Nielsen" <simon@FreeBSD.org>
To: Daniel Hartmeier <daniel@benzedrine.cx>
Cc: freebsd-pf@freebsd.org
Subject: Re: Fwd: [FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-05:15.tcp
Message-ID: <20050701111506.GB45821@eddie.nitro.dk>
In-Reply-To: <20050701110105.GS26761@insomnia.benzedrine.cx>
References: <200506292155.j5TLt4cE008219@freefall.freebsd.org> <787dcac205063007324170b6e4@mail.gmail.com> <20050701110105.GS26761@insomnia.benzedrine.cx>

On 2005.07.01 13:01:05 +0200, Daniel Hartmeier wrote:
> On Thu, Jun 30, 2005 at 09:32:27AM -0500, BB wrote:
>
> > I assume without upgrading the mighty pf would handle this ?
>
> Yes.
>
> The unpatched vulnerability can be exploited (to stall a connection) by
> spoofing only four (4) small packets, by choosing random sequence and
> timestamp values and their integer opposites[1]. Hence, exploiting it is
> relatively cheap, quick, and reliable.

Note that there is also another vulnerability (addressed in the same
advisory) here where the FreeBSD TCP stack accepted a SYN packet for an
established connection. I would assume that pf's packet scrubbing would
handle that and not let a SYN packet through for an established
connection?

-- 
Simon L. Nielsen
