*BSDThis forum is for the discussion of all BSD variants.
FreeBSD, OpenBSD, NetBSD, etc.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Apparently if you send a IP6 packet, then connect to the server it will crash. The workaround is to recompile the kernel with the patch. Now, he does ping and then shh. Im assuming if you were to do a syn scan and then say telnet it would do the same. -_-
Originally posted by chort Ummm, SYN scan is TCP, not ICMP...
Your absolutely right chort, my mistake. I haven't even tried *BSD yet, but am looking forward to exploring OpenBSD once I feel comfortable maneuvering around Slackware. OpenBSD seems to be my first choice for security reasons, even if it is just a laptop..=]
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660
Rep:
By the way, to everyone upgrading from source and following -CURRENT, make sure to read the Upgrading Mini-FAQ again. There are some changes to machdep on i386 that require a rebuild of binutils. I don't think that's required for -STABLE.
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660
Rep:
Well I rebuilt my system (kernel and userland) so now it's back on By the way, the early bulletin was a bit misleading--it takes a certain type code of ICMP packet to trigger the crash, so it's not nearly as likely to happen by accident as the security bulletin publisher would have you believe. It's almost like he has a grudge or something.
Do you have any sample rule of your rc.conf and rc.firewall it seems mine is not working.... I add the "ipfw add deny ip any to any" but still a I can SSH to the box...
Or should i save it fisrt like on iptables but i don't know how...
Last edited by ryancoolest; 02-10-2004 at 06:56 PM.
Location: 1st hop-NYC/NewJersey shore,north....2nd hop-upstate....3rd hop-texas...4th hop-southdakota(sturgis)...5th hop-san diego.....6th hop-atlantic ocean! Final hop-resting in dreamland dreamwalking and meeting new people from past lives...gd' night.
Distribution: Siduction, the only way to do Debian Unstable
Posts: 506
Rep:
becareful with IPv6 now...set snort or the equivalent correctly.
Although designed to provide better security via IPSec, IPv6 also includes many enhancements, some of which can be exploited by attackers. For example, the address autoconfiguration feature be used by attackers to announce rogue routers. In addition, some of the transitioning mechanisms designed to allow for easier interaction between IPv6 and IPv4 networks can be misused by attackers. Transitioning tools create a way for IPv4 applications to connect to IPv6 services, and IPv6 apps to connect to v4 services.
Because of the standardized transitioning methods, such as 6to4, Simple Internet Transition (SIT) tunnels and IPv6 over UDP (such as Teredo and Shipworm), IPv6 traffic may be coming into networks without their administrators being aware of the fact (and thus, without them being aware that they are vulnerable to IPv6 exploits). For example, since many firewalls allow UDP traffic, IPv6 over UDP can get through those firewalls without administrators realizing what’s happening. Attackers can use 6 over 4 tunnels to evade Intrusion Detection software.
windows is more so vulnerable..........they dont have snort
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
By the way, the early bulletin was a bit misleading--it takes a certain type code of ICMP packet to trigger the crash, so it's not nearly as likely to happen by accident as the security bulletin publisher would have you believe. It's almost like he has a grudge or something.
