Fwd: [FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-05:15.tcp

Daniel Hartmeier daniel at benzedrine.cx
Fri Jul 1 14:34:27 GMT 2005


On Fri, Jul 01, 2005 at 01:15:07PM +0200, Simon L. Nielsen wrote:

> Note that there is also another vulnerability (addressed in the same
> advisory) here where the FreeBSD TCP stack accepted a SYN packet for
> an established connection.
> 
> I would assume that pf's packet scrubbing would handle that and not
> let a SYN packet through for an established connection?

I'm not sure. On first glance, it doesn't look like scrubbing removes
the SYN or drops the packet, but I will check if this can be added.

But pf will ensure that only packets with sequence numbers within narrow
windows will pass, so it would have to be the real peer (or someone
along the path between the peers, who can sniff) that can deliver such a
SYN. Everyone else can't guess the right numbers, and their packets will
get blocked by pf.

Daniel
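The sequence-window check described in the reply above, modelled in C. This is an added illustration, not pf's own code: it keeps per-direction tracking data (highest sequence number seen, highest sequence number the other side will accept, largest advertised window) in the spirit of pf's state tracking, but leaves out window scaling, state timeouts and several of pf's special cases. The slack on the acknowledgement number (66000 bytes), the ISNs of the sample connection (1000 and 5000) and the spoofed numbers are constructed for the example.

```c
/* Simplified model of the TCP sequence-window check a stateful filter such as
 * pf applies to packets matching an established state.  Added example, not
 * pf's code; the constants and the sample connection below are assumptions. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define TH_FIN 0x01
#define TH_SYN 0x02
#define TH_ACK 0x10
#define MAXACKWINDOW 66000   /* assumed slack allowed on the acknowledgement number */

/* 32-bit modular sequence comparisons, as a TCP stack does them */
#define SEQ_GT(a, b)  ((int32_t)((a) - (b)) > 0)
#define SEQ_GEQ(a, b) ((int32_t)((a) - (b)) >= 0)

struct peer {
    bool     seen;     /* have we seen a packet from this side yet? */
    uint32_t seqlo;    /* highest sequence number (plus data) sent by this side */
    uint32_t seqhi;    /* highest sequence number the other side will accept (its ack + win) */
    uint16_t max_win;  /* largest window this side has advertised */
};

struct tcp_state { struct peer a, b; };   /* a: initiator -> responder, b: reverse */

struct segment { uint32_t seq, ack; uint16_t win, len; uint8_t flags; };

/* Accept or drop a segment travelling src -> dst; update the state on accept. */
static bool pf_check(struct peer *src, struct peer *dst, const struct segment *s)
{
    uint32_t end = s->seq + s->len + ((s->flags & TH_SYN) ? 1 : 0)
                                  + ((s->flags & TH_FIN) ? 1 : 0);

    if (!src->seen) {  /* first packet from this side: learn its initial sequence number */
        src->seen = true;
        src->seqlo = s->seq;
        src->seqhi = end + (dst->max_win ? dst->max_win : 1);
        src->max_win = 1;
    }

    int32_t ackskew = (int32_t)(dst->seqlo - s->ack);
    bool ok = SEQ_GEQ(src->seqhi, end)                       /* data must not pass the receiver's window */
           && SEQ_GEQ(s->seq, src->seqlo - dst->max_win)     /* and must not be older than one window */
           && (!(s->flags & TH_ACK)                          /* a pure SYN carries no ack to check */
               || (ackskew >= -MAXACKWINDOW && ackskew <= MAXACKWINDOW));

    if (ok) {
        if (SEQ_GT(end, src->seqlo)) src->seqlo = end;
        if (s->flags & TH_ACK) {
            uint32_t newhi = s->ack + s->win;
            if (SEQ_GT(newhi, dst->seqhi)) dst->seqhi = newhi;
        }
        if (s->win > src->max_win) src->max_win = s->win;
    }
    return ok;
}

/* Run a constructed three-way handshake (client ISN 1000, server ISN 5000) through the tracker. */
static bool establish(struct tcp_state *st)
{
    struct segment syn    = { 1000, 0,    65535, 0, TH_SYN };
    struct segment synack = { 5000, 1001, 65535, 0, TH_SYN | TH_ACK };
    struct segment ack    = { 1001, 5001, 65535, 0, TH_ACK };
    *st = (struct tcp_state){ 0 };
    return pf_check(&st->a, &st->b, &syn)
        && pf_check(&st->b, &st->a, &synack)
        && pf_check(&st->a, &st->b, &ack);
}

/* Would a segment in the client -> server direction pass the established state? */
bool client_segment_passes(uint32_t seq, uint32_t ack, uint16_t len, uint8_t flags)
{
    struct tcp_state st;
    if (!establish(&st)) return false;
    struct segment s = { seq, ack, 65535, len, flags };
    return pf_check(&st.a, &st.b, &s);
}

int main(void)
{
    printf("real peer data            : %s\n", client_segment_passes(1001, 5001, 100, TH_ACK) ? "pass" : "block");
    printf("SYN with in-window numbers: %s\n", client_segment_passes(1001, 5001, 0, TH_SYN | TH_ACK) ? "pass" : "block");
    printf("blind spoofed SYN         : %s\n", client_segment_passes(0x7f000000u, 0, 0, TH_SYN) ? "pass" : "block");
    printf("blind spoofed data        : %s\n", client_segment_passes(1001, 0x40000000u, 10, TH_ACK) ? "pass" : "block");
    return 0;
}
```

The two SYN cases show both halves of the reply: a SYN whose sequence and acknowledgement numbers fall inside the tracked windows is not dropped by the window check alone (only the real peer, or someone sniffing the path, can produce one), while a blind SYN with a guessed sequence number lands far outside the window and is blocked.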

