similar to: FreeBSD Security Advisory FreeBSD-SA-02:20.syncache

-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-02:26.accept Security Advisory The FreeBSD Project Topic: Remote denial-of-service when using accept filters Category: core Module: kernel Announced:

--------------------------------------------------------------------- Red Hat, Inc. Red Hat Security Advisory Synopsis: kernel 2.2 and 2.4: syncookie vulnerability Advisory ID: RHSA-2001:142-15 Issue date: 2001-10-26 Updated on: 2001-11-02 Product: Red Hat Linux Keywords: syncookie security kernel Cross references: Obsoletes:

Default,syncookies are activate when syn list(backlog queue) is full. I want hybrid system. I propose a system , syncookies active dynamic per connection . where will I write code , where syncookies system does call in the code file.

Hi, folks @ freebsd-security. First, I am not sure if this is apropriate topic for that list, so sorry, if it is not. Some time ago I have read rfc1948 (protection from blind TCP spoofing) and became interested in the way how it is implemented in FreeBSD. After some googling (BTW if you like Google you might be interested in this: http://register.spectator.ru/img/bart.gif ), I found this:

I have an Asus A8V-MX motherboard with an AMD Athlong 64 X2 3800+ CPU and I'm trying to run powerd to keep it cooler/quieter/greener. I'm running -STABLE (6.1-RC) cvsup'ed a couple of days ago, with a kernel config that consists of the SMP sample plus an atapicam device. I'm loading the cpufreq.ko module in /boot/loader.conf. I've attached my dmesg output and sysctl -a

-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-02:23.stdio Security Advisory The FreeBSD Project Topic: insecure handling of stdio file descriptors Category: core Module: kernel Announced:

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ______________________________________________________________________________ Caldera International, Inc. Security Advisory Subject: Linux - syncookies firewall breaking problem Advisory number: CSSA-2001-038.0 Issue date: 2001, November 05 Cross reference: ______________________________________________________________________________ 1.

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-03:09.signal Security Advisory The FreeBSD Project Topic: Insufficient range checking of signal numbers Category: core Module: sys Announced:

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-03:09.signal Security Advisory The FreeBSD Project Topic: Insufficient range checking of signal numbers Category: core Module: sys Announced:

I have a build process (which worked at release 7.3) that makes a bootable ISO using a ramdisk image as the boot volume. At release 8 it panics right after reporting the real memory size with: kernel trap 12 with interrupts disabled Fatal trap 12: page fault while in kernel mode ... [thread pid 0 tid 0 ] Stopped at pmap_enter+0x19a: moveq (%rcx),%r14 (I have the text frozen on

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-03:09.signal Security Advisory The FreeBSD Project Topic: Insufficient range checking of signal numbers Category: core Module: sys Announced:

-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-02:32.pppd Security Advisory The FreeBSD Project Topic: exploitable race condition in pppd Category: core Module: pppd Announced: 2002-07-31 Credits:

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-03:10.ibcs2 Security Advisory The FreeBSD Project Topic: Kernel memory disclosure via ibcs2 Category: core Module: sys Announced:

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-03:10.ibcs2 Security Advisory The FreeBSD Project Topic: Kernel memory disclosure via ibcs2 Category: core Module: sys Announced:

-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-02:35.ffs Security Advisory The FreeBSD Project Topic: local users may read and write arbitrary blocks on an FFS filesystem Category: core

Here's my proposed patch to change RST handling so that ESTABLISHED connections are subject to strict RST checking, but connections in other states are only subject to the "within the window" check. Part 2 of the patch is simply a patch to netstat so that it displays the statistic. As expected, it's very straightforward, the only real question is what to call the statistic...

Hello, I current have a FreeBSD 4.8 bridge firewall that sits between 7 servers and the internet. The servers are being attacked with syn floods and go down multiple times a day. The 7 servers belong to a client, who runs redhat. I am trying to find a way to do some kind of syn flood protection inside the firewall. Any suggestions would be greatly appreciated. -- Ryan James ryan@mac2.net

-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-02:27.rc Security Advisory The FreeBSD Project Topic: rc uses file globbing dangerously Category: core Module: rc Announced: XXXX-XX-XX Credits:

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-03:09.signal Security Advisory The FreeBSD Project Topic: Insufficient range checking of signal numbers Category: core Module: sys Announced:

Hi Jacques, list, On Mon, Aug 11, 2003 at 09:09:18AM +0100, Bruce M Simpson wrote: > cc -c -O -pipe -Wall -Wredundant-decls -Wnested-externs -Wstrict-prototypes -Wmissing-prototypes -Wpointer-arith -Winline -Wcast-qual -fformat-extensions -ansi -g -nostdinc -I- -I. -I/usr/src/sys -I/usr/src/sys/../include -I/usr/src/sys/contrib/ipfilter -D_KERNEL -include opt_global.h -elf