Date:      Wed, 3 Mar 2004 03:13:38 +1100 (Australia/ACT)
From:      Darren Reed <avalon@caligula.anu.edu.au>
To:        stb@lassitu.de (Stefan Bethke)
Cc:        freebsd-security@freebsd.org
Subject:   Re: mbuf vulnerability
Message-ID:  <200403021613.i22GDcM8005592@caligula.anu.edu.au>
In-Reply-To: <9CDEFA50-6C4F-11D8-9FC0-000393496BE8@lassitu.de> from "Stefan Bethke" at Mar 02, 2004 02:43:39 PM

In some mail from Stefan Bethke, sie said:
> 
> On 01.03.2004 at 18:42, Mike Silbersack wrote:
> > A specially constructed stateful firewall could be constructed to deal
> > with this DoS, but I'm certain that there's no way you could use ipf or
> > anything preexisting to do the job.

IPFilter v4 can prevent this attack with:

pass in .. proto tcp ... keep state(strict)

> OpenBSD's pf scrubbing should be helpful here. From the FAQ:
> > The scrub directive also reassembles fragmented packets, protecting 
> > some operating systems from some forms of attack.
> <http://www.openbsd.org/faq/pf/scrub.html>

Uh, no, "scrub" doesn't protect against this attack at all (or at least
not according to that web page.)

Darren


