Re: ICMP attacks against TCP
From: Mike Silbersack (silby_at_silby.com)
Date: 08/13/04
- Previous message: Craig Edwards: "Re: sequences in the auth.log"
- In reply to: Steve Zweep: "ICMP attacks against TCP"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 13 Aug 2004 12:36:48 -0500 (CDT) To: Steve Zweep <steve@borderware.com>
On Fri, 13 Aug 2004, Steve Zweep wrote:
> Has anyone seen the recently published IETF draft regarding ICMP attacks
> against TCP?
> [http://www.ietf.org/internet-drafts/draft-gont-tcpm-icmp-attacks-00.txt]
>
> I'm interested in any comments as to the vulnerability of FreeBSD's TCP to
> such attacks and the need for or usefulness of the various solutions proposed
> in the paper.
>
> Thanks, all
>
> - Steve
Back when the RST semi-blind attacks came out, I double-checked our ICMP
code for the same condition. It turns out that this was fixed by one of
our developers years and years ago. I can't recall the exact version of
the change now, but I believe it occured around 4.1 or 4.2.
So, it could use some quick review, but I think we're good here.
Mike "Silby" Silbersack
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
- Previous message: Craig Edwards: "Re: sequences in the auth.log"
- In reply to: Steve Zweep: "ICMP attacks against TCP"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
