On Thu, Jun 30, 2005 at 09:32:27AM -0500, BB wrote:

> I assume without upgrading the mighty pf would handle this ?

Yes. The unpatched vulnerability can be exploited (to stall a connection) by spoofing only four (4) small packets, by choosing random sequence and timestamp values and their integer opposites [1]. Hence, exploiting it is relatively cheap, quick, and reliable.

If you have pf in front of a peer, the attacker would have to successfully guess the proper sequence and acknowledgment numbers within small windows, which requires sending so many packets, it's considered unfeasible. If he could efficiently guess those numbers, he could simply RST the connection, or worse, inject payload, etc., anyway.

Of course, if the other peer is unprotected, the attacker would send his spoofs there, and achieve the same effect. But if both are protected, the vulnerability is not exploitable.

Daniel

[1] http://downloads.securityfocus.com/vulnerabilities/exploits/tcp_paws.c

_______________________________________________
freebsd-pf@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
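The point Daniel makes, that a stateful pf in front of a peer forces the attacker to hit both a sequence-number window and an acknowledgment window, can be seen in a small model. The following Python is an added example, not code from the mail, from pf, or from the linked exploit: it reimplements a simplified version of the per-segment window check pf applies to a tracked TCP state (the constant `MAXACKWINDOW` is the one pf uses; window scaling is ignored, RST-specific rules are omitted, and the handshake values and the spoofed segments are constructed sample data). A genuine in-window segment is accepted, while blindly spoofed segments carrying a random sequence number and its 32-bit negation, the pattern the PAWS stall relies on, are dropped; `blind_spoof_hit_rate` counts how many fully random segments get through at all.

```python
# Added example (not from the original mail, pf, or the linked exploit):
# a simplified model of pf's stateful TCP sequence/ack window check.
from dataclasses import dataclass
import random

MASK = 0xFFFFFFFF
MAXACKWINDOW = 65535 + 1500   # ack-skew tolerance pf allows (assumption: no window scaling)


def seq_lt(a: int, b: int) -> bool:
    """TCP modular compare: a < b when (a - b) is negative as a signed 32-bit value."""
    return ((a - b) & MASK) > 0x7FFFFFFF


def seq_geq(a: int, b: int) -> bool:
    return not seq_lt(a, b)


@dataclass
class Peer:
    seqlo: int    # oldest sequence number this peer may still (re)send
    seqhi: int    # one past the highest sequence number this peer may send now
    max_win: int  # largest receive window this peer has advertised


@dataclass
class Segment:
    sender: str   # "A" or "B"
    seq: int
    ack: int
    length: int   # payload bytes
    win: int      # advertised window
    syn: bool = False
    fin: bool = False


class TcpState:
    """One state entry as it looks right after a completed handshake (constructed values)."""

    def __init__(self, a_isn: int, a_win: int, b_isn: int, b_win: int):
        self.peers = {
            "A": Peer(seqlo=(a_isn + 1) & MASK, seqhi=(a_isn + 1 + b_win) & MASK, max_win=a_win),
            "B": Peer(seqlo=(b_isn + 1) & MASK, seqhi=(b_isn + 1 + a_win) & MASK, max_win=b_win),
        }

    def accept(self, seg: Segment) -> bool:
        src = self.peers[seg.sender]
        dst = self.peers["B" if seg.sender == "A" else "A"]
        end = (seg.seq + seg.length + int(seg.syn) + int(seg.fin)) & MASK
        # signed distance between the ack and the oldest data the peer may still send
        ackskew = (dst.seqlo - seg.ack) & MASK
        if ackskew > 0x7FFFFFFF:
            ackskew -= 1 << 32
        ok = (seq_geq(src.seqhi, end)                                  # not past the receiver's window
              and seq_geq(seg.seq, (src.seqlo - dst.max_win) & MASK)   # at most one window old (retransmit)
              and -MAXACKWINDOW <= ackskew <= MAXACKWINDOW)            # acks only data the peer really sent
        if ok:
            # a genuine segment advances the window edges; a dropped one changes nothing
            new_hi = (end + max(1, dst.max_win)) & MASK
            if seq_lt(src.seqhi, new_hi):
                src.seqhi = new_hi
            src.max_win = max(src.max_win, seg.win)
            if ackskew < 0:
                dst.seqlo = seg.ack
        return ok


def demo() -> list:
    """One genuine segment, then blind spoofs of the kind the PAWS stall sends."""
    st = TcpState(a_isn=0x10000000, a_win=65535, b_isn=0x20000000, b_win=65535)
    genuine = Segment("A", seq=0x10000001, ack=0x20000001, length=100, win=65535)
    rnd_seq = 0xDEADBEEF   # constructed "random" sequence number
    spoof_pos = Segment("A", seq=rnd_seq, ack=0x12345678, length=0, win=65535)
    spoof_neg = Segment("A", seq=(-rnd_seq) & MASK, ack=0x12345678, length=0, win=65535)
    return [st.accept(genuine), st.accept(spoof_pos), st.accept(spoof_neg)]


def blind_spoof_hit_rate(trials: int, seed: int = 1) -> int:
    """How many fully random segments a fresh state lets through (expected: none)."""
    rng = random.Random(seed)
    st = TcpState(a_isn=0x10000000, a_win=65535, b_isn=0x20000000, b_win=65535)
    hits = 0
    for _ in range(trials):
        seg = Segment("A", seq=rng.getrandbits(32), ack=rng.getrandbits(32), length=0, win=65535)
        hits += int(st.accept(seg))
    return hits


if __name__ == "__main__":
    print("genuine, spoof, spoof(negated):", demo())
    print("random segments accepted out of 50000:", blind_spoof_hit_rate(50_000))
```

With both peers' windows at 65535, a blind segment has to land in a sequence range of about 131070 values and an ack range of about 134071 values out of 2^32 each, which is why the guessing cost Daniel describes is treated as unfeasible, and why only an unprotected peer, reached without such a state check, is still exposed.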