SO_ACCEPTFILTER in FreeBSD (Was: Re: ISC BIND 9.6.3 is now available)
dougb at dougbarton.us
Sat Feb 5 02:51:06 UTC 2011
-----BEGIN PGP SIGNED MESSAGE-----
On 02/04/2011 16:09, Evan Hunt wrote:
| * A bug in NetBSD and FreeBSD kernels with SO_ACCEPTFILTER enabled
| allows for a TCP DoS attack. Until there is a kernel fix, ISC is
| disabling SO_ACCEPTFILTER support in BIND. [RT #22589]
This is the first I'm hearing about this problem, and a search of the
FreeBSD PR database didn't turn up any hits. If I've missed a memo, my
apologies. Could you point me in the right direction? This is clearly
something that we'd like to see addressed, and particularly given that
we have 2 releases fairly immediately pending, if there is a serious bug
in our kernel we'd like to know.
Nothin' ever doesn't change, but nothin' changes much.
-- OK Go
Breadth of IT experience, and depth of knowledge in the DNS.
Yours for the right price. :) http://SupersetSolutions.com/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (FreeBSD)
-----END PGP SIGNATURE-----
More information about the bind-users