From owner-freebsd-security  Thu Nov 20 12:09:26 1997
Return-Path: <owner-freebsd-security>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.7/8.8.7) id MAA02794
          for security-outgoing; Thu, 20 Nov 1997 12:09:26 -0800 (PST)
          (envelope-from owner-freebsd-security)
Received: from biggusdiskus.flyingfox.com (biggusdiskus.flyingfox.com [206.14.52.27])
          by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id MAA02788
          for <freebsd-security@freebsd.org>; Thu, 20 Nov 1997 12:09:23 -0800 (PST)
          (envelope-from jas@flyingfox.com)
Received: (from jas@localhost)
	by biggusdiskus.flyingfox.com (8.8.5/8.8.5) id MAA29126;
	Thu, 20 Nov 1997 12:10:35 -0800 (PST)
Date: Thu, 20 Nov 1997 12:10:35 -0800 (PST)
From: Jim Shankland <jas@flyingfox.com>
Message-Id: <199711202010.MAA29126@biggusdiskus.flyingfox.com>
To: freebsd-security@freebsd.org, Martin.Machacek@eunet.cz
Subject: Re: new TCP/IP bug in win95 (fwd)
Sender: owner-freebsd-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

Martin Machacek <Martin.Machacek@eunet.cz> writes:

> I've tried the exploit against FreeBSD 2.2.2, 2.2.5 and 3.0-current
> and the results were interesting. FreeBSD 2.2.2 does not seem to be
> vulnerable, however both 2.2.5 and 3.0 froze.

I'd appreciate a pointer to, or a mailed copy of, the actual exploit
(I let my BUGTRAQ subscription lapse months ago).  I've modified the
FreeBSD TCP stack a bit, and want to see if I'm vulnerable, and fix it
if so.

> The problem is in my opinion not that critical because every decent network 
> should have IP spoofs filtered on the external router

Uh huh :-).  Well, this may increase the number of "decent networks."

(And lest anyone get any bright ideas about testing this for me:  yes,
my network is "decent.")

Jim Shankland
Flying Fox Computer Systems, Inc.