Hi Kurt,
Thanks lot responding my mail,
Please explain why you think this should be an issue for FreeBSD 10.2 ?
Currently i am using 10.2 and 10.4, i found this problem/vulnerability
still exist using below script
#!/usr/local/bin/python
from scapy.all import *
# VARIABLES
src = str(input('IP SRC: '))
dst = str(input('IP DST: '))
sport = random.randint(1024,65535)
dport = int(input("DST PORT: "))
# SYN
ip=IP(src=src,dst=dst)
SYN=TCP(sport=sport,dport=dport,flags='S',seq=random.randint(1024,1048576),
ack=0)
SYNACK=sr1(ip/SYN)
print('Seq1 Number is :',SYNACK[TCP].seq) ==> Seq1
# RST
RST=TCP(sport=sport, dport=dport, flags='R', seq=SYNACK.ack, ack=0)
send(ip/RST)
#SYN
SYN2=TCP(sport=sport,dport=dport,flags='S',seq=random.randint(1024,1048576),
ack=0)
SYNACK2=sr1(ip/SYN2)
print('Seq2 Number is :',SYNACK2[TCP].seq) ==>
same ISN number i observed/receiving.
I mean seq1=seq2, TCP ISN reusing.
i think the patch is available on 10.4 on wards, but i dint found
exactly/similar patch from
https://www.freebsd.org/security/patches/
It could be great to confirm what is the corresponding latest patch this
problem would be solved. Kindly correct me anything i am missing.
Sincerely,
Brahma
On Thu, Jan 11, 2018 at 10:45 PM, Kurt Jaeger <
p...@freebsd.org> wrote:
> Hi!
> That's a security annoucement for FreeBSD 3.x to 5.x.
>
> Please explain why you think this should be an issue for FreeBSD 10.2 ?
>
> And, by the way: FreeBSD 10.2 is a old, no-longer supported version.
>
>
https://www.freebsd.org/releases/
>
> lists which versions are still supported.
>
> --
> p...@FreeBSD.org
+49 171 3101372 2 years to go !