Date: Tue, 16 Jan 1996 22:55:53 +0200 (EET)
From: "Andrew V. Stesin" <stesin@elvisti.kiev.ua>
To: security@freebsd.org
Subject: Can ipfw in 2.1 handle overlapped fragments?
Message-ID: <199601162055.WAA01138@office.elvisti.kiev.ua>

Hello, dear security experts,

I'm investigating the firewall wizardry now; while looking into /sys/netinet/ip_fw.c I got a question:

Is it my imagination that ipfw can't handle a fragmentation-based attack of the kind where the zero fragment is overwritten by a later one (with zero offset)? Or am I too much of a paranoid?

Is upgrading ip_fw with the stuff from a "current" -stable worth the effort? Or maybe it's better to install some other firewall facility available from an "external" source? (I know there are some.)

Thanks for your comments and suggestions!

--
With best regards -- Andrew Stesin.

+380 (44) 2760188
+380 (44) 2713457
+380 (44) 2713560

An undocumented feature is a coding error.
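
The attack the message asks about relies on a later fragment overlapping data a filter has already accepted at offset zero. As an added illustration (not code from ip_fw.c or from the original message), this C example tracks the byte ranges seen for one datagram and drops any fragment that overlaps them; the struct, enum and function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

#define MAX_RANGES 16

/* Byte ranges [start, end) already accepted for one datagram. A real filter
 * would keep one of these per (src, dst, protocol, IP ID); names are hypothetical. */
struct frag_track {
    uint16_t start[MAX_RANGES], end[MAX_RANGES];
    int n;
};

enum frag_verdict { FRAG_ACCEPT, FRAG_DROP_OVERLAP, FRAG_DROP_INVALID };

/* ip_off: raw IP fragment field in host byte order (low 13 bits = offset in
 * 8-byte units, 0x2000 = more-fragments). payload_len: data bytes after the
 * IP header. Strict policy: any overlap is dropped, exact duplicates included. */
enum frag_verdict frag_check(struct frag_track *t, uint16_t ip_off, uint16_t payload_len)
{
    uint32_t start = (uint32_t)(ip_off & 0x1fff) * 8;
    uint32_t end = start + payload_len;
    int more = (ip_off & 0x2000) != 0;

    /* Reject empty fragments, data past 65535, non-final fragments whose
     * length is not a multiple of 8, and a full tracking table. */
    if (payload_len == 0 || end > 65535 || (more && payload_len % 8 != 0) ||
        t->n == MAX_RANGES)
        return FRAG_DROP_INVALID;

    for (int i = 0; i < t->n; i++)
        if (start < t->end[i] && t->start[i] < end)
            return FRAG_DROP_OVERLAP;   /* would rewrite bytes already filtered */

    t->start[t->n] = (uint16_t)start;
    t->end[t->n] = (uint16_t)end;
    t->n++;
    return FRAG_ACCEPT;
}

int main(void)
{
    /* Constructed sequence: two contiguous fragments, then a second
     * offset-zero fragment like the one the message describes. */
    struct frag_track t = { .n = 0 };
    uint16_t off[] = { 0x2000 | 0, 3, 0x2000 | 0 }, len[] = { 24, 16, 8 };
    for (int i = 0; i < 3; i++)
        printf("fragment %d: verdict %d\n", i, frag_check(&t, off[i], len[i]));
    return 0;
}
```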