DDoS Security advisory from FreeBSD

« previous next »

Print

Pages: [1]

Author Topic: DDoS Security advisory from FreeBSD (Read 7898 times)

Supermule

Full Member
Posts: 235
Karma: 15

DDoS Security advisory from FreeBSD

« on: July 23, 2015, 09:16:13 am »

Hi Franco

This is the issue when SYN ACK'ing the firewall

https://lists.freebsd.org/pipermail/freebsd-announce/2015-July/001655.html

The tests we did.

Logged

franco

Administrator
Hero Member
Posts: 17661
Karma: 1611

Re: DDoS Security advisory from FreeBSD

« Reply #1 on: July 23, 2015, 09:38:41 am »

Hi Brian,

oh, I saw and did not think this was related. Thanks for mentioning this. I was looking in the wrong place then being deeply buried inside the TCP state machine.

Anybody who wants to fix this now, do:

# opnsense-update -r 15.7.4 && reboot

Official release on Friday.

Cheers,
Franco

Logged

Supermule

Full Member
Posts: 235
Karma: 15

Re: DDoS Security advisory from FreeBSD

« Reply #2 on: July 23, 2015, 09:48:58 am »

When running spoofed ip's you dont get the FIN.

Logged

lucifercipher

Jr. Member
Posts: 55
Karma: 9

Re: DDoS Security advisory from FreeBSD

« Reply #3 on: July 23, 2015, 10:35:08 am »

So for development branches, a fresh pull of ports git will do the job? What exactly is changed with the 15.7.4? I can just get that component and rebuild the test images without losing changes to my testing trees.

But then again, i can always do freebsd-update fetch and install on the development machine to get the pacthes anyway right Franco?

« Last Edit: July 23, 2015, 10:39:03 am by lucifercipher »

Logged

franco

Administrator
Hero Member
Posts: 17661
Karma: 1611

Re: DDoS Security advisory from FreeBSD

« Reply #4 on: July 23, 2015, 12:30:55 pm »

src.git needs a bump, not ports. Then, with tools.git, do:

# make clean-source source SETTINGS=latest

(I think you were using latest.)

Ports don't have to be recompiled for this particular fix.

Logged

Print

Pages: [1]

« previous next »