From: Pawel Tyll
Date: Sun, 3 Nov 2002 02:27:25 +0100 (CET)
To: brian@awfulhak.org
Cc: net@freebsd.org
Subject: PPPoEd Bug.

Hi Brian,

Today, after a few hours of fighting with FreeBSD, I found one nasty bug in your PPPoEd implementation. It all started with accidental patching of the RASPPPoE Windows PPPoE client (http://user.cs.tu-berlin.de/~normanb/). There is a patch for RASPPPoE which allows it to connect to non-RFC-compliant PPPoE servers, like 3Com modems. PPPoEd supports such clients; however, after processing a request from such a client, it doesn't talk to normal RFC-compliant clients anymore :( - it looks like quite a nice DoS attack possibility for me, ISP, lots of RFC-compliant users, and one kiddie with patched RASPPPoE...

Patched clients can connect without problems. PPPoE receives requests from normal clients; however, it (probably - didn't check it) answers them with a modified ether-type, which makes it impossible for them to 'hear' the answer.

Hope you can come up with a fix soon :)

Best regards,
Pawel 'ofca' Tyll.
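One way to check the suspicion in the message above from a capture taken on the PPPoE segment, as an added example that is not part of the original post or of pppoed: it pairs each discovery request with the server's reply and flags replies whose EtherType family differs from the one the client used. The 3Com-style EtherType values, the MAC addresses and the sample frames are assumptions constructed for illustration and do not come from the post.

```python
import struct

# EtherTypes: 0x8863/0x8864 are RFC 2516; 0x3c12/0x3c13 are the 3Com-style
# pair (assumption: these values are not given in the post).
ETHERTYPES = {0x8863: ("rfc2516", "discovery"), 0x8864: ("rfc2516", "session"),
              0x3C12: ("3com", "discovery"), 0x3C13: ("3com", "session")}
CODES = {0x09: "PADI", 0x07: "PADO", 0x19: "PADR", 0x65: "PADS"}
REPLY_TO = {"PADO": "PADI", "PADS": "PADR"}  # server reply -> client request

def parse(frame):
    """Return (dst, src, dialect, code) for a discovery frame, else None."""
    if len(frame) < 20:
        return None
    etype, ver_type, code, _sid, length = struct.unpack("!HBBHH", frame[12:20])
    dialect, stage = ETHERTYPES.get(etype, (None, None))
    if stage != "discovery" or ver_type != 0x11 or len(frame) < 20 + length:
        return None
    return frame[0:6], frame[6:12], dialect, CODES.get(code)

def find_mismatched_replies(frames):
    """Flag replies sent in a different dialect than the client's request."""
    pending, findings = {}, []  # pending: (client MAC, request code) -> dialect
    for raw in frames:
        parsed = parse(raw)
        if parsed is None:
            continue
        dst, src, dialect, code = parsed
        if code in REPLY_TO.values():
            pending[(src, code)] = dialect
        elif code in REPLY_TO:
            asked = pending.get((dst, REPLY_TO[code]))
            if asked is not None and asked != dialect:
                findings.append((dst.hex(), code, asked, dialect))
    return findings

def build(dst, src, etype, code):
    """Constructed sample frame with an empty tag payload."""
    return bytes.fromhex(dst + src) + struct.pack("!HBBHH", etype, 0x11, code, 0, 0)

# Constructed capture: one patched client, then one RFC-compliant client.
BCAST, SERVER = "ffffffffffff", "020000000099"
PATCHED, NORMAL = "020000000001", "020000000002"
SAMPLE = [build(BCAST, PATCHED, 0x3C12, 0x09), build(PATCHED, SERVER, 0x3C12, 0x07),
          build(BCAST, NORMAL, 0x8863, 0x09), build(NORMAL, SERVER, 0x3C12, 0x07)]

if __name__ == "__main__":
    for mac, code, asked, got in find_mismatched_replies(SAMPLE):
        print(f"{code} to {mac}: client used {asked}, server answered {got}")
```

A non-empty result on a real capture would confirm the symptom described in the message: a standard client's PADI being answered with a non-standard EtherType.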