SO_ACCEPTFILTER in FreeBSD (Was: Re: ISC BIND 9.6.3 is now available)
Doug Barton
dougb at dougbarton.us
Sat Feb 5 02:51:06 UTC 2011
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
On 02/04/2011 16:09, Evan Hunt wrote:
| * A bug in NetBSD and FreeBSD kernels with SO_ACCEPTFILTER enabled
| allows for a TCP DoS attack. Until there is a kernel fix, ISC is
| disabling SO_ACCEPTFILTER support in BIND. [RT #22589]
This is the first I'm hearing about this problem, and a search of the
FreeBSD PR database didn't turn up any hits. If I've missed a memo, my
apologies. Could you point me in the right direction? This is clearly
something that we'd like to see addressed, and particularly given that
we have 2 releases fairly immediately pending, if there is a serious bug
in our kernel we'd like to know.
Thanks,
Doug
- --
Nothin' ever doesn't change, but nothin' changes much.
-- OK Go
Breadth of IT experience, and depth of knowledge in the DNS.
Yours for the right price. :) http://SupersetSolutions.com/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (FreeBSD)
iQEcBAEBCAAGBQJNTLsaAAoJEFzGhvEaGryEIvkIAIktb8VCYWRZgpueXFSeTT6Z
AE776GJYTPzPHW4aE8vXF7PMyNOE2hlSUVxdzf6jM8EwZtfuf0lErbh3ySih4qzd
FLjGqIl2Od3WwBu5K0T+y3A6tHk1+UAmEGJQHXYQArjTCwjMA3rzd5x+lXxyNlKk
QEd/86iCeGyOb/WCcdRGEYRrvSw05qI61Snd0RyqIhJjPmJTQ6/KbXGl1jyo4d0q
GIIbwnci0uNCYdmY0m30J+tZmmmus0Novf4iBMHJpyLdSvTw4EnUGPLJIDDcOsSE
HcqFCXexV2EwuV4Ss/lkPZJHEwzIKtyU1o5PGS/4YB0hl7JOi4jB4gCYaIofH/U=
=ie9b
-----END PGP SIGNATURE-----
More information about the bind-users
mailing list