Date: Wed, 12 Apr 2000 14:42:33 -0400
From: "Louis A. Mamakos" <louie@TransSys.COM>
To: Graham Wheeler <gram@cequrux.com>
Cc: hackers@FreeBSD.ORG
Subject: Re: Determining traffic on a socket - solution and security question
Message-ID: <200004121842.OAA30359@whizzo.transsys.com>
In-Reply-To: Your message of "Wed, 12 Apr 2000 17:30:46 +0200." <38F496A6.1DE73643@cequrux.com>
References: <53045.955453206@axl.ops.uunet.co.za> <38F31395.68EFE3EF@cequrux.com> <38F44460.391BD4B9@cequrux.com> <38F46F1C.1115AEDE@cequrux.com> <38F496A6.1DE73643@cequrux.com>

These approaches work well, so long as the 32-bit sequence space doesn't
wrap. At 100Mb/s, this wraps in about 6 minutes. Sure, most connections
don't carry more than 4GB of data but you might be interested in the ones
that do.

This also is a problem for the counters in struct if_data that are of type
u_long and are going to wrap way too quickly on busy high-speed network
interfaces.

louie

gram@cequrux.com said:
> I have attached my final program which works on both FreeBSD 2.x and
> FreeBSD 3.x (I don't have a FreeBSD 4.x box to test this on yet).
> On FreeBSD 2.x one must be root to run this (to read /dev/kmem), but
> on FreeBSD 3.x any user can run this.
> I would argue that this is a potential security vulnerability. Some
> clever user may be able to exploit this for some protocols to
> determine the lengths of usernames and passwords (admittedly this is
> unlikely to work with telnet unless in line mode). The sysctl calls
> that extract things like TCP control blocks should require privileged
> access (although the downside of this is that programs like netstat
> would have to be setuid).
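
An added example, not part of the original message or of the program it discusses: one way a monitor can keep a correct byte count across the 32-bit wrap described above, by polling the counter and accumulating modulo-2^32 deltas into 64 bits. The names wrap_counter, wc_init, wc_update, naive_bytes and wc_max_poll_seconds are hypothetical, the sample values are constructed, and it assumes the counter advances by less than 2^32 bytes between two polls.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical accumulator: extends a wrapping 32-bit counter to 64 bits. */
struct wrap_counter {
    uint32_t last;   /* previous 32-bit sample */
    uint64_t total;  /* bytes accumulated since wc_init() */
};

void wc_init(struct wrap_counter *wc, uint32_t initial)
{
    wc->last = initial;
    wc->total = 0;
}

/* Feed a new sample and return the running total. Unsigned subtraction is
 * modulo 2^32, so one wrap between two samples still gives the true delta. */
uint64_t wc_update(struct wrap_counter *wc, uint32_t sample)
{
    wc->total += (uint32_t)(sample - wc->last);
    wc->last = sample;
    return wc->total;
}

/* Single end-minus-start subtraction: silently drops every full wrap. */
uint32_t naive_bytes(uint32_t start, uint32_t now)
{
    return (uint32_t)(now - start);
}

/* Longest polling interval (seconds) that cannot miss a wrap at this rate. */
double wc_max_poll_seconds(double bits_per_second)
{
    return 4294967296.0 * 8.0 / bits_per_second;
}

int main(void)
{
    /* Constructed samples of a 32-bit counter that wraps twice. */
    const uint32_t start = 4000000000u;
    const uint32_t samples[] = { 500000000u, 3000000000u, 1000000000u };
    struct wrap_counter wc;
    uint64_t total = 0;

    wc_init(&wc, start);
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        total = wc_update(&wc, samples[i]);

    printf("accumulated: %llu bytes\n", (unsigned long long)total);
    printf("naive:       %lu bytes\n", (unsigned long)naive_bytes(start, samples[2]));
    printf("poll at least every %.0f s at 100 Mb/s\n", wc_max_poll_seconds(100e6));
    return 0;
}
```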