From owner-freebsd-security Mon Jan 7 19:41:35 2002 Delivered-To: freebsd-security@freebsd.org Received: from net.tamu.edu (net.tamu.edu [128.194.177.50]) by hub.freebsd.org (Postfix) with ESMTP id 40A3537B404; Mon, 7 Jan 2002 19:41:29 -0800 (PST) Received: by net.tamu.edu (Postfix, from userid 157) id C63A715891; Mon, 7 Jan 2002 21:41:28 -0600 (CST) Date: Mon, 7 Jan 2002 21:41:28 -0600 From: Dave Duchscher To: admin Cc: Matthias Schuendehuette , Joe Clarke , freebsd-security@FreeBSD.ORG, freebsd-stable@FreeBSD.ORG Subject: Re: TCP Sequence-Prediction (4.5-PRE) Message-ID: <20020107214128.A19265@net.tamu.edu> Mail-Followup-To: admin , Matthias Schuendehuette , Joe Clarke , freebsd-security@FreeBSD.ORG, freebsd-stable@FreeBSD.ORG References: <20020107104258.Y23081-100000@crimelords.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20020107104258.Y23081-100000@crimelords.org>; from admin@crimelords.org on Mon, Jan 07, 2002 at 10:43:55AM -0600 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org My experience with ISS is that it tends to report false positives quite often. For example, we are still scratching our heads when it reports ISS problems for an IRIX box running Apache. DaveD On Mon, Jan 07, 2002 at 10:43:55AM -0600, admin wrote: > I got the same thing when scanning a 4.4-STABLE box with ISS Scanner...I > personally think it's the scanner, but am still testing myself. > > --emacs > > On Fri, 4 Jan 2002, Matthias Schuendehuette wrote: > > > Hi Joe, > > > > Am Donnerstag, 3. Januar 2002 22:07 schrieben Sie: > > > On Thu, 2002-01-03 at 15:59, Matthias Schuendehuette wrote: > > > > I looked at the published Patch in FreBSD-SA-00:52 but couldn't > > > > find the Sourcecode Sequence to be patched any more (I wasn't > > > > wondering). > > > > > > Is this what you're looking for: > > > > > > ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00%3A52/tcp-iss.pat > > >ch > > > > as I've mentioned above, I *found* that patch but if you look at the > > source files to patch you'll recognize that they're completely > > different now and that the patch doesn't succeed anymore (which isn't > > surprising for noone IMHO). > > > > I think, the point is what ISS states as 'predictable'... I'll wait > > what our iss-service declares - I can't imagine that 4.5-PRERELEASE is > > worse than 4.1.1-STABLE concerning 'tcp prediction'. > > > > Ciao/BSD - Matthias > > > > -- > > *************************************************************************** > > * Matthias Schuendehuette msch@snafu.de * > > * Solmsstrasse 44 * > > * D-10961 Berlin Engineering Systems Support and Operation * > > * Germany (Powered by FreeBSD 4.5-PRERELEASE) * > > *************************************************************************** > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > with "unsubscribe freebsd-security" in the body of the message > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message