Date: Thu, 20 Jan 2000 17:51:19 -0700 From: Brett Glass <brett@lariat.org> To: Darren Reed <avalon@coombs.anu.edu.au>, imp@village.org (Warner Losh) Cc: jamiE@arpa.com (jamiE rishaw - master e*tard), tom@uniserve.com (Tom), mike@sentex.net (Mike Tancsa), freebsd-security@FreeBSD.ORG, freebsd-stable@FreeBSD.ORG, security-officer@FreeBSD.ORG Subject: Re: bugtraq posts: stream.c - new FreeBSD exploit? Message-ID: <4.2.2.20000120174826.01882ad0@localhost> In-Reply-To: <200001210040.LAA14428@cairo.anu.edu.au> References: <200001210034.RAA06762@harmony.village.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Darren: Glad to see you are in on this discussion. The code you use for the "keep state" option in IPFilters might be able to recognize that the ACK does not belong to an existing connection. Could a fast check be implemented as a rule under IPFilters? (If it could, it's probably a one-liner, but I'd need to figure out how to write it since I do not deal with IPFilters on a regular basis.) If not, it seems as if the framework might mostly be in place in your code. --Brett At 05:40 PM 1/20/2000 , Darren Reed wrote: >What versions of FreeBSD are known to be vulnerable to it ? > >There appears to be some confusion about whether or not it is a wide >spread problem. > >Darren To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4.2.2.20000120174826.01882ad0>