Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
15.7 Legacy Series
»
DDoS Security advisory from FreeBSD
« previous
next »
Print
Pages: [
1
]
Author
Topic: DDoS Security advisory from FreeBSD (Read 7588 times)
Supermule
Full Member
Posts: 235
Karma: 15
DDoS Security advisory from FreeBSD
«
on:
July 23, 2015, 09:16:13 am »
Hi Franco
This is the issue when SYN ACK'ing the firewall
https://lists.freebsd.org/pipermail/freebsd-announce/2015-July/001655.html
The tests we did.
Logged
franco
Administrator
Hero Member
Posts: 17484
Karma: 1589
Re: DDoS Security advisory from FreeBSD
«
Reply #1 on:
July 23, 2015, 09:38:41 am »
Hi Brian,
oh, I saw and did not think this was related. Thanks for mentioning this. I was looking in the wrong place then being deeply buried inside the TCP state machine.
Anybody who wants to fix this now, do:
# opnsense-update -r 15.7.4 && reboot
Official release on Friday.
Cheers,
Franco
Logged
Supermule
Full Member
Posts: 235
Karma: 15
Re: DDoS Security advisory from FreeBSD
«
Reply #2 on:
July 23, 2015, 09:48:58 am »
When running spoofed ip's you dont get the FIN.
Logged
lucifercipher
Jr. Member
Posts: 55
Karma: 9
Re: DDoS Security advisory from FreeBSD
«
Reply #3 on:
July 23, 2015, 10:35:08 am »
So for development branches, a fresh pull of ports git will do the job? What exactly is changed with the 15.7.4? I can just get that component and rebuild the test images without losing changes to my testing trees.
But then again, i can always do freebsd-update fetch and install on the development machine to get the pacthes anyway right Franco?
«
Last Edit: July 23, 2015, 10:39:03 am by lucifercipher
»
Logged
franco
Administrator
Hero Member
Posts: 17484
Karma: 1589
Re: DDoS Security advisory from FreeBSD
«
Reply #4 on:
July 23, 2015, 12:30:55 pm »
src.git needs a bump, not ports. Then, with tools.git, do:
# make clean-source source SETTINGS=latest
(I think you were using latest.)
Ports don't have to be recompiled for this particular fix.
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
15.7 Legacy Series
»
DDoS Security advisory from FreeBSD