Oops.... I've answered my own question. IPFW's "established" keyword only checks the RST or ACK bits; it can't tell if a session is REALLY established or not. Only a firewall that can save state (such as IPFilters), or the kernel itself, can do this.

It'd be neat if we could use IPFilters to do a temporary fix for this, because it'd nuke the problem on several OSes at once -- including all of the BSDs. (They all just happen to come with IPFilters out of the box now.) This way, when the skript kiddies reading Bugtraq start trying this, there will be an immediate defense.

--Brett
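The distinction drawn in the message above, between a flag-only "established" match and a filter that keeps state, shown as an added example that is not part of the original post and is not IPFW or IPFilter code. The `StateTable` model, the function names and the sample packets (documentation address ranges) are constructed for illustration.

```python
from collections import namedtuple

SYN, RST, ACK = 0x02, 0x04, 0x10  # TCP flag bits
Pkt = namedtuple("Pkt", "src sport dst dport flags")

def stateless_established(pkt):
    """Flag-only test as described in the message: RST or ACK bit set."""
    return bool(pkt.flags & (RST | ACK))

class StateTable:
    """Toy stateful inbound filter (assumption: simplified, not a real firewall)."""
    def __init__(self, open_ports):
        self.open_ports = set(open_ports)
        self.conns = {}  # (src, sport, dst, dport) -> "SYN_SEEN" | "ESTABLISHED"

    def allow(self, pkt):
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        state = self.conns.get(key)
        if state is None:
            # Only a bare SYN to an open port may create state.
            if pkt.flags == SYN and pkt.dport in self.open_ports:
                self.conns[key] = "SYN_SEEN"
                return True
            return False  # ACK/RST for a connection never seen: drop
        if pkt.flags & RST:
            del self.conns[key]  # tear down the tracked connection
            return True
        if pkt.flags & ACK:
            self.conns[key] = "ESTABLISHED"
            return True
        return False

def compare(packets, open_ports=(80,)):
    """Return (stateless verdicts, stateful verdicts), one bool per packet."""
    table = StateTable(open_ports)
    return ([stateless_established(p) for p in packets],
            [table.allow(p) for p in packets])

# Constructed sample traffic, not a real capture.
SERVER = "203.0.113.5"
SAMPLE = [
    Pkt("192.0.2.10", 40000, SERVER, 80, SYN),   # client opens a connection
    Pkt("192.0.2.10", 40000, SERVER, 80, ACK),   # completes the handshake
    Pkt("192.0.2.10", 40000, SERVER, 80, ACK),   # data segment
    Pkt("198.51.100.1", 1111, SERVER, 80, ACK),  # ACK with no prior SYN
    Pkt("198.51.100.2", 2222, SERVER, 80, RST),  # RST with no prior SYN
]

if __name__ == "__main__":
    print(*zip(SAMPLE, *compare(SAMPLE)), sep="\n")
```

The flag-only check passes the last two packets even though no connection exists for them, while the state table drops both; the opening SYN shows `False` under the flag-only check because a real ruleset admits it with a separate rule.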
