Subject: Re: Article
To: Charles M. Hannum <>
From: Steven M. Bellovin <>
List: current-users
Date: 01/09/2003 11:21:17
In message <>, "Charles M. Hannum" w
>> Speaking for myself, I think this is a non-issue.  (It's also been 
>> known for years.)  It's only a vulnerability if the attacker is on the 
>> same LAN; if that's the case, ARP-spoofing can yield all traffic, just 
>> just a few bytes from random packets.  (If it's an unswitched LAN, you 
>> don't even need that.)
>It's definitely been known for years -- I remember arguing with some
>implementors about it myself.
>Anyway, the problem is not leaking data from other packets, so much as
>leaking random data from memory.  mbufs are not explicitly cleared
>when they're allocated.
I thought the mbuf pool was dedicated to mbufs only, and those are 
almost completely used for networking.  Are they more flexible in their 

		--Steve Bellovin, (me) (2nd edition of "Firewalls" book)