In message <"studdec1.i.407:28.12.98.10.46.13"@ira.uka.de> you wrote:

> > URL: http://www.cert.org/advisories/CA-98-13-tcp-denial-of-service.ht=
ml
>=20
> What confused me is the date of this alert, as the exploit
> (teardrop/land) is published long ago. So if the exploit mentioned in
> above alert is the one published on e.g. rootshell.com at 14/15.11.1997=

> then NetBSD 1.3.x and current are not vulnerable. I did not try those
> at 1.2.x, as at the time this exploit was available, none of my
> machines run 1.2.x anymore.
No, CA-98-13 is *not* the teardrop/land attack as described in CA-97.28:
http://www.cert.org/advisories/CA-97.28.Teardrop_Land.html

IIRC only non-BSD stacks were affected by teardrop/land---CA-98-13 is
about a problem only some BSD-derived TCP/IP stacks have.

Since most versions of both OpenBSD and FreeBSD were vulnerable to
CA-98-13 I really doubt that NetBSD is not.

Bye,
  Thilo.
--=20
Mir ist mein Signature entlaufen :-(. Wer es findet, sende es bitte an
Thilo.Manske@HEH.Uni-Oldenburg.DE zur=FCck. Danke!=20