From: Brad Knowles
To: Brian Kraemer, Darren Reed
Cc: freebsd-security@FreeBSD.ORG, freebsd-stable@FreeBSD.ORG
Subject: Re: bugtraq posts: stream.c - new FreeBSD exploit?
Date: Fri, 21 Jan 2000 18:04:56 +0100

At 8:55 AM -0800 2000/1/21, Brian Kraemer wrote:

> If I'm not mistaken, this ruleset (and no other rules) will also
> effectively block any outgoing TCP sessions initiated from this machine.
> The machine will send a SYN, and then get blocked because the input rules
> never saw an incoming SYN to start keeping state.

In fact, that is precisely what happens. I speak from experience.

Maybe sometime Monday I can get a chance to look at this yet once again and figure out what the right rules should be. I sure as hell ain't gonna be tryin' to make any more changes tonight....

-- 
These are my opinions and should not be taken as official Skynet policy
 _________________________________________________________________________
|o| Brad Knowles,                                 Belgacom Skynet NV/SA |o|
|o| Systems Architect, Mail/News/FTP/Proxy Admin    Rue Col. Bourg, 124 |o|
|o| Phone/Fax: +32-2-706.13.11/726.93.11                B-1140 Brussels |o|
|o| http://www.skynet.be                                        Belgium |o|
\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/
Unix is like a wigwam -- no Gates, no Windows, and an Apache inside.
Unix is very user-friendly. It's just picky who its friends are.
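
The failure mode discussed in this message, shown as a toy model. This is an added example, not part of the original message and not ipf or ipfw code. The ruleset under discussion is not quoted here, so the model assumes one: inbound bare SYNs create state, other inbound packets without state are blocked, and outbound packets pass statelessly. The class, function names and addresses are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    direction: str    # "in" or "out", relative to the filtered host
    src: tuple        # (ip, port)
    dst: tuple        # (ip, port)
    flags: frozenset  # TCP flags, e.g. frozenset({"S"}) for a bare SYN

class StatefulFilter:
    def __init__(self, keep_state_on):
        # Directions in which a bare SYN may create a state entry (assumed rules).
        self.keep_state_on = set(keep_state_on)
        self.states = set()

    @staticmethod
    def _key(pkt):
        # Direction-independent session key: the two endpoints, unordered.
        return frozenset((pkt.src, pkt.dst))

    def check(self, pkt):
        if self._key(pkt) in self.states:
            return "pass"                    # belongs to a tracked session
        if pkt.flags == {"S"} and pkt.direction in self.keep_state_on:
            self.states.add(self._key(pkt))  # new session: start keeping state
            return "pass"
        # Assumed defaults: stateless pass outbound, block everything else inbound.
        return "pass" if pkt.direction == "out" else "block"

HOST, PEER = ("192.0.2.10", 40000), ("198.51.100.5", 80)  # constructed addresses

def outbound_handshake(fw):
    """Host opens a connection: SYN out, SYN/ACK in, ACK out."""
    pkts = [Packet("out", HOST, PEER, frozenset({"S"})),
            Packet("in", PEER, HOST, frozenset({"S", "A"})),
            Packet("out", HOST, PEER, frozenset({"A"}))]
    return [fw.check(p) for p in pkts]

def inbound_handshake(fw):
    """Peer opens a connection: SYN in, SYN/ACK out, ACK in."""
    pkts = [Packet("in", PEER, HOST, frozenset({"S"})),
            Packet("out", HOST, PEER, frozenset({"S", "A"})),
            Packet("in", PEER, HOST, frozenset({"A"}))]
    return [fw.check(p) for p in pkts]

if __name__ == "__main__":
    print("state on inbound SYN only:", outbound_handshake(StatefulFilter({"in"})))
    print("state on SYN in both directions:", outbound_handshake(StatefulFilter({"in", "out"})))
```

In the model, the returning SYN/ACK is the packet that gets dropped, and letting outbound SYNs create state as well is what lets the reply through.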