Date: Fri, 01 Mar 2002 13:37:05 -0800 From: Terry Lambert <tlambert2@mindspring.com> To: Leo Bicknell <bicknell@ufp.org> Cc: Luigi Rizzo <rizzo@icir.org>, Bob Bishop <rb@gid.co.uk>, "George V. Neville-Neil" <gnn@neville-neil.com>, Doug Ambrisko <ambrisko@ambrisko.com>, hackers@FreeBSD.ORG Subject: Re: Multicast problem with sis interface? Message-ID: <3C7FF481.991305A7@mindspring.com> References: <200203010557.VAA1802420@meer.meer.net> <rb@gid.co.uk> <4.3.2.7.2.20020222165515.00c14850@gid.co.uk> <200203010557.VAA1802420@meer.meer.net> <4.3.2.7.2.20020301112956.00c5b550@gid.co.uk> <20020301035623.A32974@iguana.icir.org> <20020301184123.GA5908@ussenterprise.ufp.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Leo Bicknell wrote: > I point out both of these are security risks. Granted, fairly > minor, but they allow someone to get all/part of a previous packet's > data, when they should have it. This sort of thing has been used > as an attack vector before. I think fixing these to pad with some > generated (0's, 1's, /dev/random, whatever) should be a top priority. Not /dev/random. It's going to be ignored as invalid anyway, since it's after the end of the packet according to the length. So it's not like trying to obfuscate it will magically put an attacker at some disadvantage. -- Terry To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3C7FF481.991305A7>