From owner-freebsd-net@FreeBSD.ORG  Sat Apr 24 08:01:08 2004
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id B579316A4CE
	for <net@freebsd.org>; Sat, 24 Apr 2004 08:01:08 -0700 (PDT)
Received: from out008.verizon.net (out008pub.verizon.net [206.46.170.108])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 4EA4043D39
	for <net@freebsd.org>; Sat, 24 Apr 2004 08:01:08 -0700 (PDT)
	(envelope-from cswiger@mac.com)
Received: from mac.com ([68.160.247.127]) by out008.verizon.net
          (InterMail vM.5.01.06.06 201-253-122-130-106-20030910) with ESMTP
          id <20040424150107.WGQU27801.out008.verizon.net@mac.com>;
          Sat, 24 Apr 2004 10:01:07 -0500
Message-ID: <408A8127.6010908@mac.com>
Date: Sat, 24 Apr 2004 11:00:55 -0400
From: Chuck Swiger <cswiger@mac.com>
Organization: The Courts of Chaos
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US;
	rv:1.7b) Gecko/20040316
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Alan Evans <evans.alan@sbcglobal.net>
References: <20040424144535.81824.qmail@web80106.mail.yahoo.com>
In-Reply-To: <20040424144535.81824.qmail@web80106.mail.yahoo.com>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
X-Authentication-Info: Submitted using SMTP AUTH at out008.verizon.net from
	[68.160.247.127] at Sat, 24 Apr 2004 10:01:07 -0500
cc: net@freebsd.org
Subject: Re: TCP vulnerability
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 24 Apr 2004 15:01:08 -0000

Alan Evans wrote:
> I'm sure FreeBSD is vulnerable.
> 
> http://www.us-cert.gov/cas/techalerts/TA04-111A.html
> 
> There's a draft that (sort of) addresses this. Should
> we adopt it?

This issue is being discussed on freebsd-security now, and Mike Silbersack 
<silby@silby.com> has some patches available for review and testing.

-- 
-Chuck