FreeBSD : FreeBSD -- Denial of Service in TCP packet processing (729c4a9f-6007-11e6-a6c3-14dae9d210b8)
Medium Nessus Plugin ID 92907
SynopsisThe remote FreeBSD host is missing one or more security-related updates.
DescriptionWhen a segment with the SYN flag for an already existing connection arrives, the TCP stack tears down the connection, bypassing a check that the sequence number in the segment is in the expected window.
Impact : An attacker who has the ability to spoof IP traffic can tear down a TCP connection by sending only 2 packets, if they know both TCP port numbers. In case one of the two port numbers is unknown, a successful attack requires less than 2**17 packets spoofed, which can be generated within less than a second on a decent connection to the Internet.
SolutionUpdate the affected packages.