Board: FB_security
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-14:08.tcp
Posted from: NCTU CS FreeBSD Server (Fri May 2 03:51:37 2014)
Relay path: ptt!csnews.cs.nctu!news.cednctu!FreeBSD.cs.nctu!.POSTED!freebsd.org!ow
--On 1 May 2014 11:42:10 -0700 Xin Li <[email protected]> wrote:
>> Does this require an established TCP session to be present? - i.e.
>> If you have a host which provides no external TCP sessions (i.e.
>> replies 'Connection Refused' / drops the initial SYN) would that
>> still be potentially exploitable?
>
> No. An established TCP session is required.
>
>> What about boxes used as routers - that just forward the traffic
>> (and again, offer no TCP services directly themselves)?
>
> Routers themselves are not affected assuming that they merely forward
> the traffic.

That's great - thanks for clarifying... We have a number of boxes that you
can't (from the Internet) get a TCP session to, whilst they will still have
to be patched [to protect them from our 'admin' networks] - we can use that
mitigation to schedule a better patch install / reboot schedule.

Regards,
-Karl
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security