From owner-freebsd-security Mon Jan 24 0: 9:46 2000
Delivered-To: freebsd-security@freebsd.org
Received: from gvr.gvr.org (gvr.gvr.org [194.151.74.97]) by hub.freebsd.org (Postfix) with ESMTP id 4A6BF1505A; Mon, 24 Jan 2000 00:09:36 -0800 (PST) (envelope-from guido@gvr.org)
Received: by gvr.gvr.org (Postfix, from userid 657) id D2DE5A843; Mon, 24 Jan 2000 09:09:33 +0100 (CET)
Date: Mon, 24 Jan 2000 09:09:33 +0100
From: Guido van Rooij
To: Brett Glass
Cc: Mikhail Teterin , Darren Reed , Warner Losh , jamiE rishaw - master e*tard , Tom , Mike Tancsa , freebsd-security@FreeBSD.ORG, freebsd-stable@FreeBSD.ORG
Subject: Re: bugtraq posts: stream.c - new FreeBSD exploit?
Message-ID: <20000124090933.A19088@gvr.gvr.org>
References: <200001210421.PAA25285@cairo.anu.edu.au> <200001210531.AAA26807@rtfm.newton> <4.2.2.20000120223838.019309d0@localhost>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.95.6i
In-Reply-To: <4.2.2.20000120223838.019309d0@localhost>; from Brett Glass on Thu, Jan 20, 2000 at 10:43:57PM -0700
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Thu, Jan 20, 2000 at 10:43:57PM -0700, Brett Glass wrote:
> Unfortunately, no. IPFW is stateless (at least from packet
> to packet). This makes it compact and fast but unable to
> detect or handle some situations by itself.
>
> You could write a daemon that hung off of a divert(4)
> socket (as natd does) to do this, but serious juju would
> be required.
>

The current way heart of the TCP stateful filtering engine in ipfilter
was designed by me. I am preparing an article on it which will be
presented at the European SANE conference
(http://www.nluug.nl/events/sane2000/index.html).
Once my article is ready you can probably easily use it to make
such a east for ipfw.

-Guido