From owner-freebsd-hackers  Sat Oct  7 21:52:11 1995
Return-Path: owner-hackers
Received: (from root@localhost)
          by freefall.freebsd.org (8.6.12/8.6.6) id VAA17343
          for hackers-outgoing; Sat, 7 Oct 1995 21:52:11 -0700
Received: from pelican.com (pelican.com [134.24.4.62])
          by freefall.freebsd.org (8.6.12/8.6.6) with SMTP id VAA17336
          for <hackers@freebsd.org>; Sat, 7 Oct 1995 21:52:06 -0700
Received: from puffin.pelican.com by pelican.com with smtp
	(Smail3.1.28.1 #5) id m0t1niT-000K2mC; Sat, 7 Oct 95 21:52 WET DST
Received: by puffin.pelican.com (Smail3.1.29.1 #9)
	id m0t1niT-0000ReC; Sat, 7 Oct 95 21:52 PDT
Message-Id: <m0t1niT-0000ReC@puffin.pelican.com>
Date: Sat, 7 Oct 95 21:52 PDT
From: pete@puffin.pelican.com (Pete Carah)
To: julian@ref.tfs.com
Subject: Re: TCP/IP Spoofing etc.
In-Reply-To: <199510072005.NAA11885@ref.tfs.com>
Cc: hackers@freebsd.org
Sender: owner-hackers@freebsd.org
Precedence: bulk

In article <199510072005.NAA11885@ref.tfs.com> you write:

>I have to explain to someone the possible problems
>that might be encountered by using old software on a 
>machine in the internet.

>One thing that came to mind is that it's possible this role
>might include some 'firewall' type duties.

I don't know about these unless it makes use of single-packet
TTCP...

>(p.s. I need this info pretty quickl (as per normal))

>(I.P.Spoofing is another thing I'm sorta curious about..
>I guess there may be CERT notes on these right?)

Steve Bellovin (Bell Labs) is the reference I remember; there are several
others.  I've modified several FreeBSD kernels to foil the sequence-number
attack (but one wants a better system than mine to do it "right"; if I
let out how I did it it wouldn't work.)

(Nice to have access to the source :-)

>(got a cert URL?)

ftp.cert.org.  I don't know about a web server but it would have the
obvious name if it exists.  Their reports are purposely obscured (but at
least tell you that attacks exist); for more detail see 8lgm and other
stuff in comp.security.unix and comp.security.misc.

The latest cert report was a summary of the 'announced' bugs which are
still outstanding on popular systems...  I don't know which ones we are
susceptible to; we are using the latest (or next-latest) sendmail which
has plugged many of them.

-- Pete