FreeBSD and the Rose Attack / NewDawn
gandalf at digital.net
gandalf at digital.net
Mon May 2 10:32:34 PDT 2005
Greetings and Salutations:
From: c0ldbyte <c0ldbyte at myrealbox.com>
> On Mon, 2 May 2005 gandalf at digital.net wrote:
>> I *just* got my FreeBSD setup stable and working with a KDE
>> GUI. :-). I know, easy for you guys but this is the first time I
>> have set up FreeBSD with automatic updates. I settled on
>> FreeBSD 5.4 after many tries.
> Works nicely if you have access to root on a local machine for lan use
Exactly. Works in Windows also if you work hard enough.
> and the machines have been compiled with bpf support. Other then that
Berkeley Packet Filter is (of course) enabled by default in the GENERIC kernel config with the comment that you need bpf for DHCP.
> my testing on these cases over the net "internet" have not yielded any
> proposed results to effect FreeBSD machines. Tried on 4.x & 5.x.
> Any other proof that this yields anything that we need to worry about?.
I haven't really tried extensive testing "over the internet" and I guess that would be my question. Unless you have some kind of filter between you an the target machine then I assume that the DOS would work as well across "The Internet" as it would locally. Routers should pass fragmented packets same as any other kind of traffic. What am I missing?
I am thinking of the case where someone has a FreeBSD machine set up as their "corporate" firewall.
Ken
------------------------------------------------------------------
Do not meddle in the affairs of wizards for they are subtle and
quick to anger.
Ken Hollis - Gandalf The White - gandalf at digital.net - O- TINLC
WWW Page - http://gandalf.home.digital.net/
Trace E-Mail forgery - http://gandalf.home.digital.net/spamfaq.html
Trolls crossposts - http://gandalf.home.digital.net/trollfaq.html
More information about the freebsd-net
mailing list