From owner-freebsd-hackers Sat Nov 29 12:14:50 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.7/8.8.7) id MAA18541 for hackers-outgoing; Sat, 29 Nov 1997 12:14:50 -0800 (PST) (envelope-from owner-freebsd-hackers) Received: from zippy.dyn.ml.org (garbanzo@libya-240.ppp.hooked.net [206.169.227.240]) by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id MAA18533 for ; Sat, 29 Nov 1997 12:14:47 -0800 (PST) (envelope-from garbanzo@hooked.net) Received: from localhost (garbanzo@localhost) by zippy.dyn.ml.org (8.8.7/8.8.7) with SMTP id MAA25536; Sat, 29 Nov 1997 12:15:24 -0800 (PST) X-Authentication-Warning: zippy.dyn.ml.org: garbanzo owned process doing -bs Date: Sat, 29 Nov 1997 12:15:24 -0800 (PST) From: Alex X-Sender: garbanzo@zippy.dyn.ml.org To: Tom cc: "Daniel J. O'Connor" , Daniel Leeds , hackers@freebsd.org Subject: Re: land patch? In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-hackers@freebsd.org X-Loop: FreeBSD.org Precedence: bulk On Sat, 29 Nov 1997, Tom wrote: > > According to someone on BugTraq, a bug was "fixed" with the tcp-stack > > after 2.2.2, that makes 2.2.5 machines vunerable to these attacks. > > Patches should have already been checked into the source tree, and can be > > retreived via cvsup or ctm (see the handbook > > http://www.freebsd.org/handbook). > > However, it is very unclear what the effect of the this bug was. land.c > certainly doesn't seem to hang FreeBSD, but it does mess with the stack a > bit. Using tcpdump on an old FreeBSD system, the land.c seems to cause > a packet to repeat over and over again. It seems to eat up some CPU, and > some buffer space. That's probably what the bug is. Afterall spiking cpu loads could be considered a DoS attack, especially if you send hundreds of them to a ocmputer. - alex