From owner-freebsd-net  Tue Jan 18 17:54:47 2000
Delivered-To: freebsd-net@freebsd.org
Received: from ikhala.tcimet.net (ikhala.tcimet.net [198.109.166.215])
	by hub.freebsd.org (Postfix) with ESMTP id 7F6EE14DBE
	for <net@FreeBSD.ORG>; Tue, 18 Jan 2000 17:54:42 -0800 (PST)
	(envelope-from dervish@ikhala.tcimet.net)
Received: (from dervish@localhost)
	by ikhala.tcimet.net (8.9.3/8.9.3) id VAA15521;
	Tue, 18 Jan 2000 21:20:35 -0500 (EST)
	(envelope-from dervish)
Date: Tue, 18 Jan 2000 21:20:35 -0500
From: bush doctor <dervish@ikhala.tcimet.net>
To: jamiE rishaw - master e*tard <jamiE@arpa.com>
Cc: net@FreeBSD.ORG
Subject: Re: stream
Message-ID: <20000118212035.B63284@ikhala.tcimet.net>
References: <20000118141018.B1178@x.arpa.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0i
In-Reply-To: <20000118141018.B1178@x.arpa.com>; from jamiE@arpa.com on Tue, Jan 18, 2000 at 02:10:18PM -0800
X-Operating-System: FreeBSD 4.0-CURRENT i386
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Out of da blue jamiE rishaw - master e*tard aka (jamiE@arpa.com) said:
> 
>   OK..
> 
>   New exploit out, 'stream'..
> 
>   Causes havoc on just about anything it touches.  I've seen BSD, Linux,
> F5 boxen all melt under this new attack.
> 
>   I'm told (tho I can't confirm) that it sends packets through with
> the established bit already set.
> 
>   This is bad.
> 
>   Packets like this will sail through most firewalls and ACL's.
> 
>   Anyone have more info?  Want to share?  Patches?
> 
> -jamie
> -- 
> i am jamie at arpa dot com                       this is a no plur zone.
> 
>                         "silly raver, k is for cats!"
> 

Where did you here of this?  Where can we find out more?

#:^)
-- 
So ya want ta hear da roots?
bush doctor <dervish@ikhala.tcimet.net>
	Of course I run FreeBSD!!
	http://www.freebsd.org/


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message