Date: Mon, 26 Jul 1999 11:28:06 -0600
From: Brett Glass <brett@lariat.org>
To: security@freebsd.org
Subject: This from Bugtraq this weekend....
Message-ID: <4.2.0.58.19990726112737.045f3770@localhost>

>Approved-By: aleph1@SECURITYFOCUS.COM
>Delivered-To: BUGTRAQ@SECURITYFOCUS.COM
>Date: Sat, 24 Jul 1999 01:26:28 +0000
>Reply-To: Scott <scott@ACRID.SCHEMATIX.NET>
>Sender: Bugtraq List <BUGTRAQ@SECURITYFOCUS.COM>
>From: Scott <scott@ACRID.SCHEMATIX.NET>
>Subject: Re: Linux +ipchains+ ping -R
>X-To: Andrej Todosic <atodosic@UBISOFT.QC.CA>
>X-cc: BUGTRAQ@SECURITYFOCUS.COM
>To: BUGTRAQ@SECURITYFOCUS.COM
>
>About 2 weeks ago someone made me aware of a similar bug in FreeBSD
>with natd/ipfw. I tested it on my own computer (FreeBSD 3.2-STABLE) and
>the result was an immediate result reboot without any logging.
>
>This firewall rule fixes the problem on my FreeBSD box. Adjust it
>accordingly for the logging options, etc. Make sure it's the 1st rule
>listed.
>
>
>deny log ip from any to any ipopt rr
>
>
>-Scott
>
>On Thu, 22 Jul 1999, Andrej Todosic wrote:
>
> > Hello,
> >
> > I am not quite sure if this has been discussed or if there is a fix already
> > but I'd still like to mention it.
> >
> > Linux firewall setup 2.2.5 or 2.2.10 and ipchains + Nat + advanced router
> >
> >
> > if you are less than nine hops away from it ping -R and (assuming the fw
> > lets the packets go through) you get a kernel panic.
> >
> >
> > You can't go wrong. I tried it on more than one firewall and more than one
> > kernel.
> >
> >
> > PS if you are testing it do make sure you are not going through the fw for a
> > connection (which is how I screwed myself up and left the ping -R in the
> > background)
> >
> >
> >
> >
> > Andrej
> >
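
What the `ipopt rr` match in the quoted rule looks for, as an added example that is not part of the original messages: a Python parser that walks the IPv4 header options and reports whether Record Route (option type 7, the option `ping -R` sets) is present. The sample headers and addresses are constructed, and `ip_options`, `has_record_route` and `make_header` are names chosen for this example.

```python
import struct

IPOPT_EOL, IPOPT_NOP, IPOPT_RR = 0, 1, 7  # IPv4 option type bytes (RFC 791)

def ip_options(packet: bytes) -> list:
    """Return a list of (type, data) for every option in an IPv4 header."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    hdr_len = (packet[0] & 0x0F) * 4          # IHL counts 32-bit words
    if hdr_len < 20 or hdr_len > len(packet):
        raise ValueError("bad IHL")
    opts, i = [], 20                          # options start after the fixed header
    while i < hdr_len:
        kind = packet[i]
        if kind == IPOPT_EOL:                 # end of option list
            break
        if kind == IPOPT_NOP:                 # single-byte padding
            i += 1
            continue
        if i + 1 >= hdr_len:
            raise ValueError("truncated option")
        length = packet[i + 1]                # covers type, length and data
        if length < 2 or i + length > hdr_len:
            raise ValueError("bad option length")
        opts.append((kind, packet[i + 2:i + length]))
        i += length
    return opts

def has_record_route(packet: bytes) -> bool:
    """True when the header carries a Record Route option."""
    return any(kind == IPOPT_RR for kind, _ in ip_options(packet))

def make_header(options: bytes = b"") -> bytes:
    """Constructed sample header (documentation addresses, checksum left 0)."""
    options += b"\x00" * (-len(options) % 4)  # pad to a 32-bit boundary with EOL
    ihl = 5 + len(options) // 4
    fixed = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, 20 + len(options),
                        0, 0, 64, 1, 0, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 1]))
    return fixed + options

# Record Route as a full-size option: type 7, length 39, pointer 4, nine empty
# 4-byte slots. 40 bytes of option space minus 3 bytes of overhead leaves room
# for nine addresses.
RR_OPTION = bytes([IPOPT_RR, 39, 4]) + bytes(36)
PLAIN = make_header()
WITH_RR = make_header(RR_OPTION)

if __name__ == "__main__":
    for name, pkt in (("plain", PLAIN), ("record-route", WITH_RR)):
        print(name, "-> matches ipopt rr" if has_record_route(pkt) else "-> no RR option")
```
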