Re: Status Check: CVE CAN-2004-0002

From: Xin LI (delphij_at_frontfree.net)
Date: 02/05/04

    Date: Thu, 5 Feb 2004 15:12:30 +0800
    To: Syahrul Sazli Shaharir <sazli@jaring.my>
    
    
    

    On Thu, Feb 05, 2004 at 10:58:30AM +0800, Syahrul Sazli Shaharir wrote:

    > Just want to ask about the status of this:-
    > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0002

    Some discussion took place about this issue. Unfortunately, the commit
    seemed to be generating some problem, and that delayed the MFC to -STABLE.
    This will be hopefully better resolved, and you may want to manually
    apply the -STABLE patch available here:

      http://www.nrg4u.com/freebsd/tcpminmss-4stable-20040107.diff

    In my test, the patch will mitigate MSS exhaustion attacks, but
    it also disrupts some normal operations, for example, if you ssh
    to a remote box and do mergemaster and the computer responds fast
    enough, the connection will be dropped, if you did not set the
    sysctl's properly.

    I am looking for some other mechanisms for mitigating this issue.
    You may want to consult andre@ for detailed information.

    --
    Xin LI <delphij frontfree net>	http://www.delphij.net/
    See complete headers for GPG key and other information.
    
    


