Date: Wed, 22 Jul 2015 08:52:56 +0200 From: gabor@zahemszky.hu To: <freebsd-security@freebsd.org> Subject: Re: FreeBSD Security Advisory FreeBSD-SA-15:13.tcp Message-ID: <9acb8bbfb059c3e8d08ba20a41441714@zahemszky.hu> In-Reply-To: <20150722025746.721831C32@freefall.freebsd.org> References: <20150722025746.721831C32@freefall.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
> IV. Workaround
>
> No workaround is available, but systems that do not provide TCP based
> service to untrusted networks are not vulnerable.
>
> Note that the tcpdrop(8) utility can be used to purge connections
> which
> have become wedged. For example, the following command can be used
> to
> generate commands that would drop all connections whose last rcvtime
> is
> more than 100s:
>
> netstat -nxp tcp | \
> awk '{ if (int($NF) > 100) print "tcpdrop " $4 " " $5 }'
>
> The system administrator can then run the generated script as a
> temporary
> measure. Please refer to the tcpdump(8) manual page for additional
> information.
It should be tcpdrop(8), isn't it?
Zahy < Gabor at Zahemszky dot HU >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?9acb8bbfb059c3e8d08ba20a41441714>