Date: Fri, 21 Jan 2000 18:04:56 +0100
From: Brad Knowles <blk@skynet.be>
To: Brian Kraemer <kraemer@u.washington.edu>, Darren Reed <avalon@coombs.anu.edu.au>
Cc: freebsd-security@FreeBSD.ORG, freebsd-stable@FreeBSD.ORG
Subject: Re: bugtraq posts: stream.c - new FreeBSD exploit?
Message-ID: <v04220802b4ae42004ea3@[195.238.1.121]>
In-Reply-To: <Pine.A41.4.10.10001210852260.109950-100000@mead2.u.washington.edu>
References: <Pine.A41.4.10.10001210852260.109950-100000@mead2.u.washington.edu>

At 8:55 AM -0800 2000/1/21, Brian Kraemer wrote:

> If I'm not mistaken, this ruleset (and no other rules) will also
> effectively block any outgoing TCP sessions initiated from this machine.
> The machine will send a SYN, and then get blocked because the input rules
> never saw an incoming SYN to start keeping state.

In fact, that is precisely what happens. I speak from experience.

Maybe sometime Monday I can get a chance to look at this yet once again and figure out what the right rules should be. I sure as hell ain't gonna be tryin' to make any more changes tonight....

--
These are my opinions and should not be taken as official Skynet policy
 _________________________________________________________________________
|o| Brad Knowles, <blk@skynet.be>                   Belgacom Skynet NV/SA |o|
|o| Systems Architect, Mail/News/FTP/Proxy Admin    Rue Col. Bourg, 124   |o|
|o| Phone/Fax: +32-2-706.13.11/726.93.11            B-1140 Brussels       |o|
|o| http://www.skynet.be                            Belgium               |o|
\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/
 Unix is like a wigwam -- no Gates, no Windows, and an Apache inside.
  Unix is very user-friendly.  It's just picky who its friends are.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
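
The failure described in this message, as a simplified model added here (not code from the thread, and not any packet filter's actual implementation). The ruleset under discussion is not shown in the message, so the modelled rules are an assumption: state is created only by an inbound SYN, all outbound traffic passes, and any other inbound packet is blocked. Addresses and ports are constructed.

```python
from dataclasses import dataclass

SYN, ACK = "S", "A"

@dataclass(frozen=True)
class Packet:
    direction: str      # "in" or "out", relative to the protected host
    src: tuple          # (ip, port)
    dst: tuple          # (ip, port)
    flags: frozenset    # TCP flags set on the segment

def flow_key(p):
    # Direction-independent key, so a reply matches the entry its SYN created.
    return frozenset((p.src, p.dst))

class StatefulFilter:
    """Assumed rules: pass in SYN keep state; block other inbound; pass out all."""
    def __init__(self, state_on_out_syn):
        self.state_on_out_syn = state_on_out_syn   # the corrected behaviour
        self.states = set()

    def check(self, p):
        key = flow_key(p)
        if key in self.states:                     # known flow: pass either way
            return "pass"
        initial_syn = p.flags == frozenset({SYN})
        if p.direction == "in":
            if initial_syn:
                self.states.add(key)
                return "pass"
            return "block"                         # e.g. SYN-ACK with no state
        if initial_syn and self.state_on_out_syn:
            self.states.add(key)
        return "pass"

HOST, PEER = ("192.0.2.10", 40000), ("198.51.100.5", 80)   # constructed

def handshake(fw, initiator):
    """Run a three-way handshake started from 'out' (host) or 'in' (peer)."""
    a, b = (HOST, PEER) if initiator == "out" else (PEER, HOST)
    back = "in" if initiator == "out" else "out"
    pkts = [Packet(initiator, a, b, frozenset({SYN})),
            Packet(back, b, a, frozenset({SYN, ACK})),
            Packet(initiator, a, b, frozenset({ACK}))]
    return [fw.check(p) for p in pkts]

if __name__ == "__main__":
    print("inbound-state only, outgoing:", handshake(StatefulFilter(False), "out"))
    print("state on outbound SYN too  :", handshake(StatefulFilter(True), "out"))
```

With state kept only for inbound SYNs, the host's own SYN leaves but the returning SYN-ACK matches no state entry and is dropped; creating state on the outbound SYN as well lets the reply through.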