From owner-freebsd-security Thu Jan 20 21:46: 7 2000
Delivered-To: freebsd-security@freebsd.org
Received: from lariat.lariat.org (lariat.lariat.org [206.100.185.2])
    by hub.freebsd.org (Postfix) with ESMTP id A935515624;
    Thu, 20 Jan 2000 21:46:00 -0800 (PST)
    (envelope-from brett@lariat.org)
Received: from workhorse (IDENT:ppp0.lariat.org@lariat.lariat.org [206.100.185.2])
    by lariat.lariat.org (8.9.3/8.9.3) with ESMTP id WAA15168;
    Thu, 20 Jan 2000 22:43:58 -0700 (MST)
Message-Id: <4.2.2.20000120223838.019309d0@localhost>
X-Sender: brett@localhost
X-Mailer: QUALCOMM Windows Eudora Pro Version 4.2.2
Date: Thu, 20 Jan 2000 22:43:57 -0700
To: Mikhail Teterin, Darren Reed
From: Brett Glass
Subject: Re: bugtraq posts: stream.c - new FreeBSD exploit?
Cc: Warner Losh, jamiE rishaw - master e*tard, Tom, Mike Tancsa, freebsd-security@FreeBSD.ORG, freebsd-stable@FreeBSD.ORG
In-Reply-To: <200001210531.AAA26807@rtfm.newton>
References: <200001210421.PAA25285@cairo.anu.edu.au>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Unfortunately, no. IPFW is stateless (at least from packet to packet). This makes it compact and fast but unable to detect or handle some situations by itself.

You could write a daemon that hung off of a divert(4) socket (as natd does) to do this, but serious juju would be required.

--Brett

At 10:31 PM 1/20/2000, Mikhail Teterin wrote:
>Can a similar rule be created for ipfw? Thanks!
>
> -mi