Darren:
Glad to see you are in on this discussion.
The code you use for the "keep state" option in IPFilters might be
able to recognize that the ACK does not belong to an existing
connection. Could a fast check be implemented as a rule under
IPFilters? (If it could, it's probably a one-liner, but I'd need
to figure out how to write it since I do not deal with IPFilters
on a regular basis.) If not, it seems as if the framework might
mostly be in place in your code.
--Brett
At 05:40 PM 1/20/2000 , Darren Reed wrote:
>What versions of FreeBSD are known to be vulnerable to it ?
>
>There appears to be some confusion about whether or not it is a wide
>spread problem.
>
>Darren
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-stable" in the body of the message
