Subject: Re: CA-98.13
To: Thorsten Frueauf <>
From: Mason Loring Bliss <>
List: tech-security
Date: 12/29/1998 09:17:48
On Tue, Dec 29, 1998 at 01:36:44PM +0100, Thorsten Frueauf wrote:

> And I *think* this is already in
> $NetBSD: ip_input.c,v 1998/11/15 19:18:13 cgd Exp $
> which is NetBSD-1.3.3.

FWIW, last night I was seeing inexplicable crashes on my firewall box at work,
after being in an IRC channel where I may have garnered some sort of attention.

The crashes happened with fair regularity, not long after the machine came up.
This matched descriptions I've seen from folks experiencing some DOS attack or
other this past year, so during a brief "up" moment, I snagged the 1.3.3
sources and built a 1.3.3 kernel for my firewall. It hasn't gone down since.

The machine in question has been stunningly stable so far, and this is the
first time it's gone down like this. The only possibility I see other than
an attack is strange IP behaviour from a new FreeBSD-current box I've been
setting up behind the firewall. It *was* trying to do something over the net
during each crash, although it had been doing stuff over the net previously
without complaint. In any event, I suppose all I can say is that the machine
hasn't gone down since the 1.3.3 kernel got dropped in.


Mason Loring
"In the drowsy dark cave of the mind dreams build their nest with fragments
  dropped from day's caravan."--Rabindranath Tagore..awake ? sleep : dream;