From owner-doc-jp@jp.freebsd.org  Thu Dec 24 18:34:22 1998
Received: (from daemon@localhost)
	by jaz.jp.freebsd.org (8.9.1+3.1W/8.7.3) id SAA08397;
	Thu, 24 Dec 1998 18:34:22 +0900 (JST)
	(envelope-from owner-doc-jp@jp.FreeBSD.org)
Received: from jiyu.net ([209.100.98.61])
	by jaz.jp.freebsd.org (8.9.1+3.1W/8.7.3) with ESMTP id SAA08386
	for <doc-jp@jp.freebsd.org>; Thu, 24 Dec 1998 18:34:20 +0900 (JST)
	(envelope-from daichi@ongs.net)
Received: from localhost (ppph033.wbs.ne.jp [202.219.55.33])
	by jiyu.net (8.8.5/8.8.5) with ESMTP id SAA31278
	for <doc-jp@jp.freebsd.org>; Thu, 24 Dec 1998 18:36:48 +0900
To: doc-jp@jp.freebsd.org
In-Reply-To: <19981224132943U.njt@nn.iij4u.or.jp>
References: <19981224090208L.daichi@ongs.net>
	<19981224132943U.njt@nn.iij4u.or.jp>
X-Mailer: Mew version 1.94b1 on XEmacs 20.4 (Emerald)
Mime-Version: 1.0
Content-Type: Text/Plain; charset=iso-2022-jp
Content-Transfer-Encoding: 7bit
Message-Id: <19981224183237A.daichi@ongs.net>
Date: Thu, 24 Dec 1998 18:32:37 +0900
From: "Daichi T.GOTO" <daichi@ongs.net>
X-Dispatcher: imput version 981019(IM102)
Lines: 196
Reply-To: doc-jp@jp.freebsd.org
Precedence: list
X-Distribute: distribute version 2.1 (Alpha) patchlevel 24e+981115
X-Sequence: doc-jp 5716
Subject: [doc-jp 5716] Re: ANNOUNCE: CERT Advisory CA-98.13 - TCP/IP Denial of Service (fwd)
Errors-To: owner-doc-jp@jp.freebsd.org
Sender: owner-doc-jp@jp.freebsd.org
X-Originator: daichi@ongs.net

$BBgCO$G$9(B :)

$B$3$,MM!"CfN$MM!#N;2r$C$9!*(B




  $B$3$N%a!<%k$O(B announce-jp $B$KN.$l$?(B

Subject: ANNOUNCE: CERT Advisory CA-98.13 - TCP/IP Denial of Service (fwd)
From: FreeBSD Security Officer <security-officer@FreeBSD.ORG>
Date: Tue, 22 Dec 1998 19:49:16 +0100 (MET)
Message-Id: <199812221849.TAA09347@gvr.gvr.org>

$B$rF|K\8lLu$7$?$b$N$G$9(B. 
  $B86J8$O(B PGP $B=pL>$5$l$F$$$^$9$,(B, $B$3$NF|K\8lLu$O(B PGP $B=pL>$5$l$F$$$^$;$s(B. 
$B%Q%C%AEy$NFbMF$,2~cb$5$l$F$$$J$$$3$H$r3NG'$9$k$?$a$K(B PGP $B$N%A%'%C%/$r9T(B
$B$J$&$K$O86J8$r;2>H$7$F$/$@$5$$(B. 
  $BF|K\8lLu$K$D$$$F$N$*Ld$$9g$o$;$O(B doc-jp@jp.freebsd.org $B$^$G(B
$B$*4j$$$7$^$9(B. 
                                    $BK]Lu(B : $B8eF#BgCO(B <daichi@ongs.net>
                                           $BCfN$Ip;V(B <njt@nn.iij4u.or.jp>
------------------------------------------------------------------------
$B$*CN$i$;(B: CERT $B4+9p(B CA-98.13 - TCP/IP $B%5!<%S%9ITG=967b(B ($BE>Aw(B)


$B:rF|2<5-$N4+9p$,(B CERT $B$h$j8xI=$5$l$^$7$?(B.$B$3$l$O(B FreeBSD $B$K$b3:Ev$9$k$b(B
$B$N$G(B, FreeBSD $B4XO"$NE,@Z$J%a!<%j%s%0%j%9%H$KE>Aw$7$^$9(B. $B$3$N7o$K4X$9$k(B 
FreeBSD $B%;%-%e%j%F%#%*%U%#%5!<$H$N6(NO$r(B CERT $B$K46<U$7$^$9(B. 




CERT $B4+9p(B CA-98-13-tcp-denial-of-service

   $B86J8$NH/9TF|(B:  1998 $BG/(B 12 $B7n(B 21 $BF|(B

   $B:G=*99?7(B

$B7oL>(B: TCP/IP $B$NFCDj$N<BAu$K$*$1$k<eE@(B

$B1F6A$r<u$1$k%7%9%F%`(B

   BSD $BM3Mh$N(B TCP/IP $B%9%?%C%/$r;}$D%7%9%F%`$N$&$A$N$$$/$D$+$G$"$k(B. $B1F6A(B
   $B$r<u$1$k%7%9%F%`$N40A4$J%j%9%H$K$D$$$F$O(B Appendix A $B$r;2>H$N$3$H(B. 

$B35MW(B

   $B967b<T$O(B TCP/IP $B%9%?%C%/$N<eE@$r0-MQ$7$F(B, $B%5!<%S%9$rCfCG$5$;$?$j(B, $B%7(B
   $B%9%F%`$r%/%i%C%7%e$5$;$?$j$9$k$3$H$,$G$-$k(B. $BFCJL$N%"%/%;%9<jCJ$OITMW(B
   $B$G(B, $B967b<T$OK\Ev$N%"%I%l%9$r1#$9$?$a$K;OE@%"%I%l%956B$(B 
   (source-address spoofing) $B$r$9$k$3$H$,$G$-$k(B. 

I. $B2r@b(B

   $B967b<T$OFCDj$NFCD'$r;}$D0lO"$N%Q%1%C%H$rCm0U?<$/9=@.$9$k$3$H$K$h$j(B, 
   $B<eE@$r;}$D%7%9%F%`$r%/%i%C%7%e$5$;$?$j(B, $B%O%s%0$5$;$?$j(B, $BM=B,$G$-$J$$(B
   $B7A$N$U$k$^$$$r$5$;$k$3$H$,$G$-$k(B. $B$3$l$O(B

       http://www.cert.org/advisories/CA-97.28.Teardrop_Land.html

   $B$K<($5$l$F$$$k<eE@$r4^$`B>$N%5!<%S%9K832(B (denial-of-service) $B967b$HF1(B
   $BMM$N8z2L$r;}$D$b$N$G$"$k(B. 
   $BFC$K(B, $B$3$N<eE@$H(B IP $B$N;OE@%"%I%l%956B$(B (IP-source-address spoofing) $B$r(B
   $BAH$_9g$o$;$k$3$H$G(B, $B967b<T$N0LCV$rFM$-;_$a$k$3$H$r:$Fq(B, $B$J$$$7IT2DG=$K(B
   $B$9$k$3$H$,$G$-$k(B. $B$^$?(B, $B%V%m!<%I%-%c%9%H%Q%1%C%H$HAH$_9g$o$;$k$3$H$G(B, 
   $B>/?t$N%Q%1%C%H$r;H$C$F$3$N<eE@$r;}$DB??t$N%^%7%s$K1F6A$rM?$($k$3$H$,$G(B
   $B$-$k(B. 

II. $B1F6A(B

   $B$3$N<eE@$r;}$D%^%7%s$rC/$G$b%j%b!<%H$+$i%/%i%C%7%e$5$;$?$j%O%s%0$5$;(B
   $B$k$3$H$,$G$-$k(B. $B$"$k$$$O%7%9%F%`$KM=B,$G$-$J$$7A$N$U$k$^$$$r$5$;$k$3(B
   $B$H$,2DG=$G$"$k(B. 

III. $B2r7hK!(B

A. $B%Y%s%@$+$i$N%Q%C%A$rE,MQ$9$k(B

   Appendix A $B$O(B, $B$3$N4+9p$K4X$9$k%Y%s%@$+$i$N>pJs$r4^$s$G$$$k(B. $B?7$?$J(B
   $B>pJs$r<u$1$H$j<!Bh(B, $B$3$N>pJs$r99?7$9$k(B. $B$b$7%Y%s%@$NL>A0$,8+Ev$?$i$J(B
   $B$1$l$P(B, CERT/CC $B$O$=$N%Y%s%@$+$i$O>pJs$r$$$?$@$$$F$$$J$$$N$G(B, $B%Y%s%@(B
   $B$KD>@\O"Mm$r$H$C$FD:$-$?$$(B. 

B. $B;OE@%"%I%l%956B$$rKI$0$h$&$K%k!<%?$d%U%!%$%"%&%)!<%k$r@_Dj$9$k(B

   $BDL2a;~$KFbIt$N;OE@%"%I%l%9$rMW5a$9$k$h$&$K%k!<%?$d%U%!%$%"%&%)!<%k(B
   $B$rD4@0$9$k$3$H$r>)Ne$7$F$$$k(B. $B:#$N$H$3$m%M%C%H%o!<%/$KN.$l$kB?$/$N(B IP 
   $B56B$%Q%1%C%H$r8:$i$9$?$a$N:GNI$N<jCJ$O(B, $B%M%C%H%o!<%/$+$i=P$F9T$/%Q(B
   $B%1%C%H$K$D$$$F(B, $BFbIt$N;OE@%"%I%l%9$rI,?\$H$9$k$h$&$K$9$kDL2a;~$K;O(B
   $BE@%"%I%l%9$rMW5a$9$k%U%#%k%?$r%k!<%?$K%$%s%9%H!<%k$9$k$3$H$G$"$k(B. 
   $B$3$N<j$N%U%#%k%?$O30It%M%C%H%o!<%/$X=P$F$$$/$9$Y$F$N%Q%1%C%H$r%U%#%k(B
   $B%?%j%s%0$9$k$3$H$G<+%5%$%H$+$i$N;OE@(BIP$B%"%I%l%956B$967b$rKI$0(B. 

   $B$3$N<j$N%U%#%k%?%j%s%0$K4X$9$k>\:Y@bL@$O(B Cisco Systems, Inc. $B$N(B Paul
   Ferguson $B$H(B Blazenet, Inc. $B$N(B Daniel Senie $B$K$h$k(B RFC 2267 $B!H(BNetwork 
   Ingress Filtering: Defeating Denial of Service Attacks which employ 
   IP Source Address Spoofing$B!I$r;2>H$"$l(B. $B2f!9$O$3$l$r%$%s%?!<%M%C%H%5!<(B
   $B%S%9%W%m%P%$%@$H%k!<%?$r4IM}$7$F$$$k%5%$%H$NN>J}$K4+$a$F$$$k(B. $B$3$N(B 
   RFC $B$O2<5-$r;2>H$N$3$H(B. 

      http://info.internet.isi.edu:80/in-notes/rfc/files/rfc2267.txt

   $B>e5-$N%?%$%W$N%U%#%k%?%j%s%0$O967b<+BN$+$i%5%$%H$r<i$k$o$1$G$O$J$$$3(B
   $B$H$KCm0U$7$FD:$-$?$$(B. $B967b<T$N0LCV$r1#$9G=NO$r2<$2(B, $B967b$r;W$$$H$I$^(B
   $B$i$;$k$@$1$G$"$k(B. 


 Appendix A - $B%Y%s%@>pJs(B ($BLuCm(B*:FreeBSD $B4XO"$N$_H4?h(B)

    FreeBSD, Inc.
    FreeBSD 2.2.8 $B$K$O$3$N<eE@$O$J$$(B. 
    2.2.8 $B$h$jA0$N%P!<%8%g%s$N(B FreeBSD $B$K$O$3$N<eE@$,$"$k(B. 
    FreeBSD 3.0 $B$K$b$3$N<eE@$,$"$k(B. 
    1998/11/12 $BIU$N(B FreeBSD 3.0-current $B$K$O$3$N<eE@$O$"$k(B. 


$B9W8%<T(B

    $B$3$N<eE@$O(B Cambridge Technology Partners $B%(%s%?!<%W%i%$%:%;%-%e%j%F%#(B
    $B%5!<%S%9%A!<%`$N(B Joel Boutros $B$K$h$C$F:G=i$KH/8+$5$l$?(B. 
    FreeBSD, Inc. $B$N(B Guido van Rooij $B$,$3$N<eE@$N2r@O$H1F6A$N5Z$VHO0O$K(B
    $B4X$9$k>pJs$rDs6!$/$@$5$C$?(B. 
    ______________________________________________________________________

    $BK\%I%-%e%a%s%H$O2<5-$h$jF~<j2DG=(B:
    http://www.cert.org/advisories/CA-98-13-tcp-denial-of-service.html.
    ______________________________________________________________________


CERT/CC $BO"Mm@h(B

    Email: cert@cert.org
           $BEEOC(B: +1 412-268-7090 (24 $B;~4V%[%C%H%i%$%s(B)
           FAX: +1 412-268-6989
           $B=;=j(B:
           CERT Coordination Center
           Software Engineering Institute
           Carnegie Mellon University
           Pittsburgh PA 15213-3890
           U.S.A.
     $B7nMK$+$i6bMK$^$G$N(B 08:00-20:00 EST(GMT-5) / EDT(GMT-4) $B$N4V(B CERT $B?&(B
     $B0w$O%Q!<%=%J%k%"%s%5!<%[%C%H%i%$%s$K$FBP1~(B. $B=5Kv$dJF9q5YF|$K$O6[5^(B
     $BHI$,EEOC$r<u$1IU$1$F$$$k(B. 

$B0E9f$NMxMQ(B

     $B5!L)$N9b$$>pJs$O0E9f2=$7$F$+$i%a!<%k$GAw$k$h$&$K6/$/4+$a$F$$$k$b$N$G(B
     $B$"$k(B. $B2f!9$N(B PGP $B8x3+80$O(B http://www.cert.org/CERT_PGP.key $B$K$F<j$K(B
     $BF~$l$k$3$H$,$G$-$k(B. $B$b$7(B DES $B$NMxMQ$r$*K>$_$G$"$l$P(B CERT $B%[%C%H%i%$(B
     $B%s$K$F>\:Y$r$-$$$FM_$7$$(B. 

$B%;%-%e%j%F%#>pJs$N<hF@(B

   CERT $B$N=PHGJ*$*$h$S$=$NB>$N>pJs$O(B http://www.cert.org/ $B$N(B web $B%5%$(B
   $B%H$+$i<hF@$G$-$k(B. 

   $B2f!9$N%a!<%j%s%0%j%9%H$K2C$o$C$F4+9p$d9-Js$rCN$j$?$$$H$$$&J}$O(B 
   subject $B$K(B SUBSCRIBE $B$"$J$?$N%a!<%k%"%I%l%9$H5-F~$N>e(B 
   cert-advisory-request@cert.org $B$^$G%a!<%k$7$FD:$-$?$$(B. 

   Copyright 1998 Carnegie Mellon University.
   $BMxMQ>r7o(B, $BH]G'@<L@(B, $B%9%]%s%5!<>pJs$O(B http://www.cert.org $B$r;2>H$N$3$H(B
   
    * CERT $B$O(B U.S. Patent and Trademark Office $B$K$FEPO?:Q$_(B
   ______________________________________________________________________

   NO WARRANTY
   Any material furnished by Carnegie Mellon University and the Software
   Engineering Institute is furnished on an$B!H(Bas is$B!I(Bbasis. Carnegie
   Mellon University makes no warranties of any kind, either expressed or
   implied as to any matter including, but not limited to, warranty of
   fitness for a particular purpose or merchantability, exclusivity or
   results obtained from use of the material. Carnegie Mellon University
   does not make any warranty of any kind with respect to freedom from
   patent, trademark, or copyright infringement.
   ______________________________________________________________________

   ($BLuCm(B: $B>e5-$NJ8>O$OK!N'J8=q$G$9$N$G(B, $B@5<0$JLu$OC4Ev$7$+$M$^$9(B. $BLu<T$O(B
          $B0J2<$NLuJ8>O$KBP$7$FL5J]>Z$G$9(B. 
   ______________________________________________________________________
    $BL5J]>Z(B
    $B%+!<%M%.!<%a%m%sBg3X$H%=%U%H%&%'%"%(%s%8%K%"%j%s%0%$%s%9%F%#%F%e!<%H(B
    $B$K$h$C$FDs6!$5$l$?%^%F%j%"%k$O(B $B!H(Bas is$B!I(B $B$N9M$($,$b$H$G$"$k(B. $B%+!<%M(B
    $B%.!<%a%m%sBg3X$O$9$Y$F$NJs9p$5$l$?(B, $B$=$l$H$J$/Js$8$i$l$?(B, $B@)8B$5$l$F(B
    $B$$$k(B, $BFCDj$NL\E*$d>&6H$X$NE,9g@-(B, $BMxMQ$K$h$k7k2L$dFH@j$K4X$7$FL5J]>Z(B
    $B$G$"$k(B. $B%+!<%M%.!<%a%m%sBg3X$OFC5v(B, $B%H%l!<%I%^!<%/(B, $B%3%T!<(B $B%i%$%H$K(B
    $B4X$9$k0cH?;v9`$K4X$7$F$^$C$?$/L5J]>Z$G$"$k(B.  
    _____________________________________________________________________ )


    $B2~DjMzNr(B
-----------------------------------------------------------
----
 Daichi T.GOTO (ONGS)
    http://www.ongs.net/daichi, daichi@ongs.net
