Date:      Fri, 4 Sep 1998 11:47:31 +0300 (EEST)
From:      Alexander Litvin <archer@lucky.net>
To:        Mikael Karpberg <karpen@ocean.campus.luth.se>
Cc:        hackers@FreeBSD.ORG
Subject:   Re: Response to RST validation problem?
Message-ID:  <199809040847.LAA15557@grape.carrier.kiev.ua>
In-Reply-To: <199809032137.XAA14593@ocean.campus.luth.se>

In article <199809032137.XAA14593@ocean.campus.luth.se> you wrote:
MK> According to Studded:
>> As I'm sure everyone is aware, there was a post on bugtraq Sunday
>> regarding a vulnerability in our TCP code which leaves the system open
>> to attack via RST packets. In the past the project has always responded

MK> Umm... For those of us that don't have time to read Yet Another Mailing
MK> List and are therefore not subscribed to bugtraq... What is the effect
MK> of this attack? I assume you can send some form of packet to a FreeBSD
MK> machine from a remote computer and get something to happen. What?
MK> Crash, DoS, or root prompt?

It's DoS. There was an exploit posted, which allows you
to reset any TCP connection, if you know its parameters:
two addresses and two ports.

MK> Personally I'm not too worried if it's not the latter.
MK> I'll just reboot my server if something happens. :-)
MK> I'll upgrade when there is a patch...  But if there's a break-in bug
MK> I kinda need to stop it.

MK>   /Mikael

--- 
In the first place, God made idiots;
this was for practice; then he made school boards.
                -- Mark Twain
