Date: Mon, 27 Oct 2003 19:05:38 -0700 From: Brett Glass <brett@lariat.org> To: peter.lai@uconn.edu Cc: Kris Kennaway <kris@obsecurity.org> Subject: Re: Best way to filter "Nachi pings"? Message-ID: <6.0.0.22.2.20031027190409.04ada3f0@localhost> In-Reply-To: <20031027192235.GG6460@cowbert.2y.net> References: <200310270731.AAA23485@lariat.org> <20031027080240.GA9552@rot13.obsecurity.org> <20031027110203.B96390@trillian.santala.org> <20031027093435.GA6111@rot13.obsecurity.org> <6.0.0.22.2.20031027061227.03a6be78@localhost> <20031027192235.GG6460@cowbert.2y.net>
next in thread | previous in thread | raw e-mail | index | archive | help
At 12:22 PM 10/27/2003, Peter C. Lai wrote: >Similarly, is there a reason that you wouldn't be able to use the less robust >ipfw2 on your release (since I assume you'd be using it purely for its iplen >capabilities)? Look at some of the latest notes in the CVS database. They mention use-after-free problems, security holes (unprivileged users can manipulate the firewall), and other things you just wouldn't want on a production system. The good news is that they scoured the code quite thoroughly, and it seems to be solid now. --Brett
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?6.0.0.22.2.20031027190409.04ada3f0>