> Just released BIND 9.8.0 RC1, ChangeLog snip > > * A bug in NetBSD and FreeBSD kernels with SO_ACCEPTFILTER enabled > allows for a TCP DoS attack. Until there is a kernel fix, ISC is > disabling SO_ACCEPTFILTER support in BIND. [RT #22589] > > > Is this another case of OpenBSD doing the right thing to start with and is > therefore invulnerable to this mentioned attack before it was even identified > here? A google search for (SO_ACCEPTFILTER bug openbsd) returns a bunch of > links from 8+ years ago.
This bug does not affect OpenBSD because OpenBSD does not have socket accept filters. Miod
