Really, how many SCTP users are there in the wild... maybe one?

It shouldn't be in GENERIC at the very least!

On 28/01/2015 21:19, Mark Andrews wrote:
>
> In message <20150128194011.2175B19F at hub.freebsd.org>, "Roger Marquis" writes:
>>>> If SCTP is NOT compiled in the kernel, are you still vulnerable?
>>>
>>> No -- we should have mentioned that too. For GENERIC kernel however
>>> SCTP is compiled in.
>>
>> Should probably fix that too, in GENERIC, considering how little used this
>> protocol is.
>
> It is not used much because there is not critical mass and you want
> to reduce what little there is out there? It is a good thing that
> it is in GENERIC.
>
> Mark
>
>> Roger Marquis
>>
>> _______________________________________________
>> freebsd-security at freebsd.org mailing list
>> http://lists.freebsd.org/mailman/listinfo/freebsd-security
>> To unsubscribe, send any mail to "freebsd-security-unsubscribe at freebsd.org"

Much more than you explain. Hint: 3G and 4G mobile core networks. ;)

On Wed, Jan 28, 2015 at 11:46 PM, Joe Holden <lists at rewt.org.uk> wrote:
> Really, how many SCTP users are there in the wild... maybe one?
>
> It shouldn't be in GENERIC at the very least!
>
> On 28/01/2015 21:19, Mark Andrews wrote:
>>
>> In message <20150128194011.2175B19F at hub.freebsd.org>, "Roger Marquis"
>> writes:
>>>>> If SCTP is NOT compiled in the kernel, are you still vulnerable?
>>>>
>>>> No -- we should have mentioned that too. For GENERIC kernel however
>>>> SCTP is compiled in.
>>>
>>> Should probably fix that too, in GENERIC, considering how little used
>>> this protocol is.
>>
>> It is not used much because there is not critical mass and you want
>> to reduce what little there is out there? It is a good thing that
>> it is in GENERIC.
>>
>> Mark
>>
>>> Roger Marquis

On 29/01/15 08:46, Joe Holden wrote:
> Really, how many SCTP users are there in the wild... maybe one?
>
> It shouldn't be in GENERIC at the very least!

We use Netflow over SCTP in our network monitoring product, so it would be a pain to have to build a custom kernel.

Nick

--
Founder, CTO
www.akips.com

On 1/28/2015 2:46 PM, Joe Holden wrote:
> Really, how many SCTP users are there in the wild... maybe one?
>
> It shouldn't be in GENERIC at the very least!

It's used for IP-based telecom backhaul with modern POTS networks and cell networks. It's far better than TCP at handling the vagaries of voice routing. Cell carriers like to use IP backhaul instead of private lines because IP transport is ubiquitous, dirt cheap, and all you need is a VPN to secure it.

I use SCTP on video systems because it handles 1:N and M:N distribution systems very well, all I need to do is string UTP or deploy wifi, and, best of all, I don't have to use multicast.