Bugtraq mailing list archives
Re: FreeBSD's RST validation
From: tristan+-eyjgmd () ETHEREAL NET (Tristan Horn)
Date: Sun, 30 Aug 1998 22:30:34 -0700
On Sun, Aug 30, 1998 at 06:22:26PM -0700, James Snow wrote:
> Be aware that this individual used this attack on my machine late last night, disconnecting all of my users without warning, and certainly without asking for permission.

As before, I apologize for disconnecting those three random IRC sessions, though I don't think that's relevant to this forum.

> He also did not, to my knowledge, report this to the FreeBSD team before posting this here.

Yeah, I only Bcc'd security-officer () freebsd org. Sorry, prior experience led me to believe that it would take a day or so before the message would be approved... Probably not entirely FreeBSD-specific, anyway.

On Sun, Aug 30, 1998 at 07:09:46PM -0700, Diane Bruce wrote:
> I hate people who mime their email for the plain text part.

OK, I won't sign this one.

> Port 6666 is quite commonly used for autoconnect, as well as 31337... Not really very much that can be done from userland really...

I'm told that 5555 is something of a standard these days too. If you can effectively keep /both/ ports unknown, i.e. bind to a random port for outbound server connections and get your uplink to set up a special port (firewalled from portscanners), you'd be in good shape. However, I doubt most people would be willing to go to such trouble, and I think it takes enough additional brainpower to keep it from being exploited much before the patch is released anyway.

The offending code seems to be around /usr/src/sys/netinet/tcp_input.c:809 for sockets in SYN_SENT state, and :1138 for sockets in most of the other states. (Looking at 2.2.6-RELEASE: $Id: tcp_input.c,v 1.54.2.7...)

On a similar topic, has anyone explored the possibility of injecting routes or doing other evil things with the endless information that ciscos provide in sh ip bgp nei? Most route-views type places seem to allow it.

Tris