Re: [PATCH] First part of TCP-MD5 inbound verification

2004-04-22 Thread Barney Wolff
Just a note that, as discussion on nanog shows, it's very important to only do the md5 check if the incoming packet is going to be accepted and processed, rather than the intuitive order of checking the sig first. That's because checking first allows an easy DoS, since checking is cpu-intensive. B

[Fwd: NetBSD Security Advisory 2004-006: TCP protocol and implementation vulnerability]

2004-04-22 Thread Andre Oppermann
FYI --- Begin Message --- The additional implementation flaw of BSD based TCP/IP stacks has been fixed in FreeBSD in revision 1.81 of tcp_input.c in 1998 for FreeBSD 2.2 and 3.0 and all releases since about six years ago. -- Andre NetBSD Security-Officer wrote: > > -BEGIN PGP SIGNED MESSAG

Re: simulating an LFN over 1Gb LAN Ethernet?

2004-04-22 Thread Lars Eggert
Luigi Rizzo wrote: On Thu, Apr 22, 2004 at 04:26:26PM +0200, Heinz Knocke wrote: I'd like to simulate an LFN over LAN - my idea is to install testing software on 2 hosts, traffic between them would be routed by the 3rd one - a FreeBSD based router. To simulate long RTT the router would have to del

Re: RFC: if_clone overhaul

2004-04-22 Thread Brooks Davis
On Thu, Apr 22, 2004 at 04:13:40PM +0200, Andre Oppermann wrote: > Brooks Davis wrote: > > > > Please test/review the following patch to the network interface cloning > > code. This code is a major overhaul of the cloning infrastructure. > > > > The significant include: > > - Split the code ou

Re: simulating an LFN over 1Gb LAN Ethernet?

2004-04-22 Thread Andre Oppermann
Heinz Knocke wrote: > > Hi! > > I'd like to simulate an LFN over LAN - my idea is to install testing software > on 2 hosts, traffic between them would be routed by the 3rd one - a FreeBSD > based router. To simulate long RTT the router would have to delay packet > forwarding in at least one direc

Re: simulating an LFN over 1Gb LAN Ethernet?

2004-04-22 Thread Luigi Rizzo
On Thu, Apr 22, 2004 at 04:26:26PM +0200, Heinz Knocke wrote: > Hi! > > I'd like to simulate an LFN over LAN - my idea is to install testing software on 2 > hosts, traffic between them would be routed by the 3rd one - a FreeBSD based router. > To simulate long RTT the router would have to delay

simulating an LFN over 1Gb LAN Ethernet?

2004-04-22 Thread Heinz Knocke
Hi! I'd like to simulate an LFN over LAN - my idea is to install testing software on 2 hosts, traffic between them would be routed by the 3rd one - a FreeBSD based router. To simulate long RTT the router would have to delay packet forwarding in at least one direction - does anyone know how to d

Re: RFC: if_clone overhaul

2004-04-22 Thread Andre Oppermann
Brooks Davis wrote: > > Please test/review the following patch to the network interface cloning > code. This code is a major overhaul of the cloning infrastructure. > > The significant include: > - Split the code out into if_clone.[ch]. > - Locked struct if_clone. Derived from work by Mauryc

[PATCH] First part of TCP-MD5 inbound verification

2004-04-22 Thread Bruce M Simpson
Hey guys, I'm really pressed for time at the moment and people are demanding a lot of other things from me. So I'd like to float this patch set against HEAD which does inbound TCP-MD5 verification, so far for SYNs only. I took a decision to use sysctls rather than enlarge struct tcpstat to avoid

Re: Assigning a specific IP address and Interface with MPD

2004-04-22 Thread Michael Bretterklieber
Hi, Jay Hall wrote: Is it possible to do this? Or should I work on trying to add the routes as the interfaces come up based on the IP address they are assigned? 2 possibilities: a) use RADIUS or b) use an iface-up/down script where you add/remove your routes. bye, -- -

Assigning a specific IP address and Interface with MPD

2004-04-22 Thread Jay Hall
I have setup a VPN for the company I work for in which all of the remote offices connect to the Headquarters office using MPD. And this works great until I have to re-establish the connections. What I am trying to do, and maybe there is a better way, is to control what ng interface a client co