Date: Thu, 20 Jan 2000 18:12:37 -0700 From: Brett Glass <brett@lariat.org> To: Darren Reed <avalon@coombs.anu.edu.au> Cc: avalon@coombs.anu.edu.au (Darren Reed), imp@village.org (Warner Losh), jamiE@arpa.com (jamiE rishaw - master e*tard), tom@uniserve.com (Tom), mike@sentex.net (Mike Tancsa), freebsd-security@FreeBSD.ORG, freebsd-stable@FreeBSD.ORG, security-officer@FreeBSD.ORG Subject: Re: bugtraq posts: stream.c - new FreeBSD exploit? Message-ID: <4.2.2.20000120180821.0188d5c0@localhost> In-Reply-To: <200001210103.MAA20844@cairo.anu.edu.au> References: <4.2.2.20000120174826.01882ad0@localhost>
next in thread | previous in thread | raw e-mail | index | archive | help
At 06:03 PM 1/20/2000 , Darren Reed wrote: >If you're using "flags S keep state" or "flags S/SA keep state", >then as far as I'm aware, having read the code, you are safe. This might be a workaround. What rule(s) would have to follow it to block the ACK? >I'm intrigued to know what the bug is. Reading the code, it is >hard to see how you could make a box fall over using it, unless >there were some serious problems in how random TCP ACK's were >handled. My guess is that there's a long code path, or other inefficiency, in the way the ACK is handled. Perhaps a linear search for the right socket instead of one that's more clevery implemented (e.g. search by port, then address, etc.). --Brett To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4.2.2.20000120180821.0188d5c0>