Subject: Re: Article
To: Charles M. Hannum <abuse@spamalicious.com>
From: Steven M. Bellovin <smb@research.att.com>
List: current-users
Date: 01/09/2003 11:21:17
In message <200301091612.h09GCcY13464@trinity.ihack.net>, "Charles M. Hannum" writes:
>
>> Speaking for myself, I think this is a non-issue.  (It's also been 
>> known for years.)  It's only a vulnerability if the attacker is on the 
>> same LAN; if that's the case, ARP-spoofing can yield all traffic, just 
>> just a few bytes from random packets.  (If it's an unswitched LAN, you 
>> don't even need that.)
>
>It's definitely been known for years -- I remember arguing with some
>implementors about it myself.
>
>Anyway, the problem is not leaking data from other packets, so much as
>leaking random data from memory.  mbufs are not explicitly cleared
>when they're allocated.
>
I thought the mbuf pool was dedicated to mbufs only, and those are 
almost completely used for networking.  Are they more flexible in their 
allocation?

		--Steve Bellovin, http://www.research.att.com/~smb (me)
		http://www.wilyhacker.com (2nd edition of "Firewalls" book)