 From:  Manuel Kasper <mk at neon1 dot net>
 To:  Huub Reuver <h underscore reuver at mantell dot xs4all dot nl>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] M0n0wall susceptible for DOS exploit FreeBSD 4.9?
 Date:  Sat, 13 Mar 2004 14:45:17 +0100
On 13.03.2004 14:29 +0100, Huub Reuver wrote:

> Since I have a server running FreeBSD 4.9 Release I more or less
> follow the security advisories regularly.
> Since M0n0wall 1.0 came out at 02-15-2004 there has been one
> advisory about a remote DOS exploit. Is M0n0wall also
> susceptible since few direct TCP connections can be made? (My

Only if you open the firewall itself up on the WAN side (not usually
necessary - not even if you use incoming NAT, but happens if you
enable PPTP VPN) - therefore I don't consider this a serious issue.
Nevertheless, the fix will be in the next release.

> box does not accept connections from the WAN interface, still it
> could be attacked from the inside.)

If there's the chance that somebody might attack your firewall from
the inside, then you've got bigger things to worry about than that
particular DoS exploit.

- Manuel