Date: Tue, 30 Apr 2002 23:47:54 -0500 (CDT) From: Mike Silbersack <silby@silby.com> To: Garance A Drosihn <drosih@rpi.edu> Cc: stable@FreeBSD.ORG Subject: Re: Heads Up: Accept filters fixed Message-ID: <20020430234550.M33460-100000@patrocles.silby.com> In-Reply-To: <p05111723b8f51b6e6633@[128.113.24.47]>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 1 May 2002, Garance A Drosihn wrote: > At 11:07 PM -0500 4/30/02, Mike Silbersack wrote: > >Just a quick note for those of you using accept filters with > >a 4.4+ kernel using the syncache: Your accept filters are > >broken, and easily DoSable. > > > >The fix (attached) has now been committed to both 5.0 and 4.5, > >so I recommend doing one of two things if you're using accept > >filters: > > How seriously are they broken? > Should this be MFC'ed into RELENG_4_5 ? (security-patches branch) > > -- > Garance Alistair Drosehn = gad@gilead.netel.rpi.edu Well, they're easily DoSable, but you can tell who's hogging the connections with a simple netstat. If someone wants to merge the change to RELENG_4_5, that'd be fine with me, but I don't think it's security advisory material. Mike "Silby" Silbersack To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020430234550.M33460-100000>