FreeBSD Security Advisory FreeBSD-SA-15:02.kmem
Ian Smith
smithi at nimnet.asn.au
Thu Jan 29 14:21:12 UTC 2015
On Wed, 28 Jan 2015 17:01:50 -0800, jungle Boogie wrote:
> Hi Nick,
> On Jan 28, 2015 4:56 PM, "Nick Frampton" <nick.frampton at akips.com> wrote:
> >
> > On 29/01/15 08:46, Joe Holden wrote:
> >>
> >> Really, how many SCTP users are there om the wild... maybe one?
> >>
> >> It shouldn't be in GENERIC at the very least!
> >
> >
> > We use Netflow over SCTP in our network monitoring product, so it would
> be a pain to have to build a custom kernel.
>
> But also a pain to have an exploit when it could be prevented.
Are you vulnerable to an SCTP exploit if you're not using SCTP?
> Its all about trade offs, right?
I seem to recall similar resistance to including IPv6 into GENERIC ..
It _would_ be good to know more about who's using SCTP, and for what
usage cases it has tangible benefits over TCP, but I guess not here.
cheers, Ian
More information about the freebsd-security
mailing list