IV. Workaround
No workaround is available, but systems that do not provide TCP based
service to untrusted networks are not vulnerable.
Note that the tcpdrop(8) utility can be used to purge connections
which
have become wedged. For example, the following command can be used
to
generate commands that would drop all connections whose last rcvtime
is
more than 100s:
netstat -nxp tcp | \
awk '{ if (int($NF) > 100) print "tcpdrop " $4 " " $5 }'
The system administrator can then run the generated script as a
temporary
measure. Please refer to the tcpdump(8) manual page for additional
information.
It should be tcpdrop(8), isn't it?
Zahy < Gabor at Zahemszky dot HU >
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "[email protected]"
