From: David G Andersen
Message-Id: <200001211643.JAA02231@faith.cs.utah.edu>
Subject: Re: stream.c workaround clarification
To: brett@lariat.org (Brett Glass)
Date: Fri, 21 Jan 2000 09:43:34 -0700 (MST)
Cc: rbezuide@oskar.dev.nanoteq.co.za (Reinier Bezuidenhout),
    robinson@netrinsics.com (Michael Robinson),
    freebsd-security@FreeBSD.ORG
In-Reply-To: <4.2.2.20000121093753.01a51ba0@localhost> from "Brett Glass" at Jan 21, 2000 09:40:50 AM

Lo and behold, Brett Glass once said:
>
> At 02:46 AM 1/21/2000 , Reinier Bezuidenhout wrote:
>
> >Hi ..
> >
> >Are there any similar rules in IPFW that simulate this ??
>
> As I suspected, this is going to be the number one FAQ about
> this 'sploit.
>
> No, IPFW can't do it without assistance from another program,
> which has not yet been written.

And which I'd wager you won't want to do. The overhead of pushing the
acks into usermode will clobber you just as badly. Using divert sockets
like that is not particularly efficient, unless something major has
changed between 3 and 4.

-Dave

--
work: dga@lcs.mit.edu    me: dga@pobox.com
MIT Laboratory for Computer Science    http://www.angio.net/