From owner-freebsd-net  Tue Jan 18 14:10:24 2000
Delivered-To: freebsd-net@freebsd.org
Received: from x.arpa.com (x.arpa.com [199.245.173.5])
	by hub.freebsd.org (Postfix) with ESMTP id 4D31D150CC
	for <net@freebsd.org>; Tue, 18 Jan 2000 14:10:19 -0800 (PST)
	(envelope-from jamie@arpa.com)
Received: from jamie by x.arpa.com with local (Exim 2.05 #1 (Debian))
	id 12AgpO-0000gx-00; Tue, 18 Jan 2000 14:10:18 -0800
Date: Tue, 18 Jan 2000 14:10:18 -0800
From: jamiE rishaw - master e*tard <jamiE@arpa.com>
To: net@freebsd.org
Subject: stream
Message-ID: <20000118141018.B1178@x.arpa.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0i
X-Face: d=)
RFC_Violation: You saw it here first!
X-PGP-Fingerprint: <921C135D> C4 48 1B 26 18 7B 1F D9  BA C4 9C 7A B1 07 07 E8
X-No-Archive: Yes
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org


  OK..

  New exploit out, 'stream'..

  Causes havoc on just about anything it touches.  I've seen BSD, Linux,
F5 boxen all melt under this new attack.

  I'm told (tho I can't confirm) that it sends packets through with
the established bit already set.

  This is bad.

  Packets like this will sail through most firewalls and ACL's.

  Anyone have more info?  Want to share?  Patches?

-jamie
-- 
i am jamie at arpa dot com                       this is a no plur zone.

                        "silly raver, k is for cats!"


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message