For those of you who don't frequent the freebsd website I've put down the links to the most recent security advisories, as I haven't noticed anyone else here posting them?

ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:14.arp.asc
FreeBSD SA-03:14 - ARP - 23/09
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:13.sendmail.asc
FreeBSD SA-03:13 - Sendmail - 17/09
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:12.openssh.asc
FreeBSD-SA-03:12 - OpenSSH - 16/09

Just thought i'd save people the hassle, especially when a co-worker of mine says the ARP DoS is nasty as he got done over last week by it.

- dave

I read about that arp dos earlier indeed it does sound rather nasty. Thanks for the linkage dave. Everyone will appreciate that I'm sure! ;)

Just thought i'd save people the hassle, especially when a co-worker of mine says the ARP DoS is nasty as he got done over last week by it.


Got any more details on that experience? I'm wondering how he got attacked, where he was at the time, etc.

Just asked him and he said that he got "fucked over", He was actually running OpenBSD? So I'm not sure if he was actually effected by this bug, not even sure if it's Open related..? But he said that he got DoS'ed, rebooted, was fine, got DoS'ed, rebooted, was fine, the rebooted and was fine, took up 2.5 gig of his bandwidth all up, he's lazy and can't be bothered patching anything though, said it was sometime late last week.

- dave =)

AFAIK, the ARP attack only works on a local area network, so you say that he was attacked by someone inside the company?

I have no idea, the arp bug isn't even open, I think my mate was just using that as an excuse as to why his box is insecure. Probably doesn't help that he can't be bothered patching it.

Anyhow, theres a lot more freebie patches that have surfaced over the last few days just incase no one really checks out the freebie security annoncements area, I'd check it out and get patching =)

- dave