Date:      Sat, 2 Mar 2002 12:12:33 -0800
From:      "Crist J. Clark" <cjc@FreeBSD.ORG>
To:        Leo Bicknell <bicknell@ufp.org>
Cc:        Luigi Rizzo <rizzo@icir.org>, Bob Bishop <rb@gid.co.uk>, "George V. Neville-Neil" <gnn@neville-neil.com>, Doug Ambrisko <ambrisko@ambrisko.com>, hackers@FreeBSD.ORG
Subject:   Re: Multicast problem with sis interface?
Message-ID:  <20020302121233.G66092@blossom.cjclark.org>
In-Reply-To: <20020301184123.GA5908@ussenterprise.ufp.org>; from bicknell@ufp.org on Fri, Mar 01, 2002 at 01:41:23PM -0500
References:  <200203010557.VAA1802420@meer.meer.net> <rb@gid.co.uk> <4.3.2.7.2.20020222165515.00c14850@gid.co.uk> <200203010557.VAA1802420@meer.meer.net> <4.3.2.7.2.20020301112956.00c5b550@gid.co.uk> <20020301035623.A32974@iguana.icir.org> <20020301184123.GA5908@ussenterprise.ufp.org>

On Fri, Mar 01, 2002 at 01:41:23PM -0500, Leo Bicknell wrote:
> In a message written on Fri, Mar 01, 2002 at 03:56:23AM -0800, Luigi Rizzo wrote:
> > ok, these three drivers behave as follows:
> > 
> >  "ed" pads with whatever is left in the transmit buffer from
> >       earlier transmissions;
> >  "vr" pads with whatever is available in the mbuf after the actual data;
> 
> I point out both of these are security risks.  Granted, fairly
> minor, but they allow someone to get all/part of a previous packet's
> data, when they should have it.  This sort of thing has been used
> as an attack vector before.  I think fixing these to pad with some
> generated (0's, 1's, /dev/random, whatever) should be a top priority.

The only "people" who can see the leftover stuff are the same ones who
could have seen the original packet (the exception being very simple
switches, but anyone who really wanted to could see everything over
one of those anyway). If you are worried about this, don't buy
Cisco. The first time I noticed this was watching NIDS go off multiple
times from stuff coming over a 4000.
-- 
Crist J. Clark                     |     cjclark@alum.mit.edu
                                   |     cjclark@jhu.edu
http://people.freebsd.org/~cjc/    |     cjc@freebsd.org
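
Added example, not part of the original message and not FreeBSD driver code: a user-space simulation of the "ed"-style padding described in the thread, next to a zero-fill version, with a check that counts stale pad bytes. The buffer, the function names and the `ETHER_MIN_NOCRC` constant are hypothetical, and the frames are constructed sample data.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ETHER_MIN_NOCRC 60  /* minimum Ethernet frame length, FCS excluded */

/* Simulated adapter transmit buffer, reused across transmissions.
 * All frames in this example are at most sizeof txbuf bytes long. */
static uint8_t txbuf[128];

/* Behaviour the thread describes for "ed": short frames go out at 60 bytes,
 * and the pad is whatever an earlier transmission left in the buffer. */
static size_t tx_leaky(const uint8_t *frame, size_t len)
{
    memcpy(txbuf, frame, len);
    return len < ETHER_MIN_NOCRC ? ETHER_MIN_NOCRC : len;
}

/* Hardened form: zero the pad region before the frame is sent. */
static size_t tx_zero_padded(const uint8_t *frame, size_t len)
{
    memcpy(txbuf, frame, len);
    if (len >= ETHER_MIN_NOCRC)
        return len;
    memset(txbuf + len, 0, ETHER_MIN_NOCRC - len);
    return ETHER_MIN_NOCRC;
}

/* Number of non-zero bytes between the intended length and the wire length. */
static size_t nonzero_pad_bytes(size_t payload_len, size_t wire_len)
{
    size_t n = 0;
    for (size_t i = payload_len; i < wire_len; i++)
        n += (txbuf[i] != 0);
    return n;
}

/* Constructed scenario: a 100-byte frame, then a 20-byte frame. */
size_t stale_pad_after_short_frame(int hardened)
{
    uint8_t big[100], small[20];
    memset(big, 'S', sizeof big);      /* stands in for earlier traffic */
    memset(small, 'a', sizeof small);  /* the short frame that needs padding */
    tx_leaky(big, sizeof big);
    size_t wire = (hardened ? tx_zero_padded : tx_leaky)(small, sizeof small);
    return nonzero_pad_bytes(sizeof small, wire);
}

int main(void) { printf("%zu %zu\n", stale_pad_after_short_frame(0), stale_pad_after_short_frame(1)); return 0; }
```

With the leaky path, all 40 pad bytes of the short frame carry bytes from the earlier 100-byte frame; with the zero-fill path none do.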
