Date: Thu, 20 Jan 2000 22:43:57 -0700
From: Brett Glass <brett@lariat.org>
To: Mikhail Teterin <mi@kot.ne.mediaone.net>, Darren Reed <avalon@coombs.anu.edu.au>
Cc: Warner Losh <imp@village.org>, jamiE rishaw - master e*tard <jamiE@arpa.com>, Tom <tom@uniserve.com>, Mike Tancsa <mike@sentex.net>, freebsd-security@FreeBSD.ORG, freebsd-stable@FreeBSD.ORG
Subject: Re: bugtraq posts: stream.c - new FreeBSD exploit?
Message-ID: <4.2.2.20000120223838.019309d0@localhost>
In-Reply-To: <200001210531.AAA26807@rtfm.newton>
References: <200001210421.PAA25285@cairo.anu.edu.au>

Unfortunately, no. IPFW is stateless (at least from packet to packet). This makes it compact and fast but unable to detect or handle some situations by itself. You could write a daemon that hung off of a divert(4) socket (as natd does) to do this, but serious juju would be required.

--Brett

At 10:31 PM 1/20/2000 , Mikhail Teterin wrote:

>Can a similar rule be created for ipfw? Thanks!
>
> -mi

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message