From: Peter Jeremy
Subject: Re: bugtraq posts: stream.c - new FreeBSD exploit?
In-reply-to: <4.2.2.20000121104707.016b3f00@localhost>; from brett@lariat.org on Sat, Jan 22, 2000 at 04:49:02AM +1100
To: Brett Glass
Cc: freebsd-security@FreeBSD.ORG
Message-Id: <00Jan24.073732est.115201@border.alcanet.com.au>
References: <4.2.2.20000121095431.01a23a90@localhost> <4.2.2.20000121104707.016b3f00@localhost>
Date: Mon, 24 Jan 2000 07:37:32 +1100

On 2000-Jan-22 04:49:02 +1100, Brett Glass wrote:
>Try tcp_restrict_rst in rc.conf. Not ideal but a good fast fix.

Note that this relies on the following kernel option (which isn't in
GENERIC):

# TCP_RESTRICT_RST adds support for blocking the emission of TCP RST packets.
# This is useful on systems which are exposed to SYN floods (e.g. IRC servers)
# or any system which one does not want to be easily portscannable.
#
options 	TCP_RESTRICT_RST	#restrict emission of TCP RST

Peter