New ping-based attack
-
FYI. Article states that FreeBSD is among the affected
https://www.theregister.co.uk/2019/06/17/linux_tcp_sack_kernel_crash/
-
Looks like it only effects FreeBSD 12, and in a more limited way than Linux. This isn't an issue with 2.4.4, which is based on 11.2
EDIT: It's only an issue on 12 if you enable the new TCP RACK stuff, which is off by default. -
This isn't relevant to pfSense in any way, as far as I can tell.
- It only affects FreeBSD 12, so it would not affect the current release, 2.4.4-p3, which is based on FreeBSD 11.2
- It only affects the RACK TCP stack which is not used on pfSense 2.5.0 snapshots. This is an optional, non-default, TCP stack. The module for it is not built nor included in images.
To use that stack, someone has to go out of their way to load the
tcp_rackkernel module (which isn't on pfSense) and setnet.inet.tcp.functions_default=rack(which on pfSense 2.5.0 is set to the default,freebsd) -
@jimp said in New ping-based attack:
This isn't relevant to pfSense in any way, as far as I can tell.
- It only affects FreeBSD 12, so it would not affect the current release, 2.4.4-p3, which is based on FreeBSD 11.2
- It only affects the RACK TCP stack which is not used on pfSense 2.5.0 snapshots. This is an optional, non-default, TCP stack. The module for it is not built nor included in images.
To use that stack, someone has to go out of their way to load the
tcp_rackkernel module (which isn't on pfSense) and setnet.inet.tcp.functions_default=rack(which on pfSense 2.5.0 is set to the default,freebsd)Good to know. Thanks.
