From owner-freebsd-security Tue Jan 16 14:25:58 1996 Return-Path: owner-security Received: (from root@localhost) by freefall.freebsd.org (8.7.3/8.7.3) id OAA21627 for security-outgoing; Tue, 16 Jan 1996 14:25:58 -0800 (PST) Received: from sivka.carrier.kiev.ua (root@sivka.carrier.kiev.ua [193.125.68.130]) by freefall.freebsd.org (8.7.3/8.7.3) with SMTP id OAA21596 for ; Tue, 16 Jan 1996 14:25:28 -0800 (PST) Received: from elvisti.kiev.ua (uucp@localhost) by sivka.carrier.kiev.ua (Sendmail 8.who.cares/5) with UUCP id XAA18522 for security@freebsd.org; Tue, 16 Jan 1996 23:30:53 +0200 Received: from office.elvisti.kiev.ua (office.elvisti.kiev.ua [193.125.28.33]) by spider2.elvisti.kiev.ua (8.6.12/8.ElVisti) with ESMTP id WAA10687 for ; Tue, 16 Jan 1996 22:55:54 +0200 Received: (from stesin@localhost) by office.elvisti.kiev.ua (8.6.12/8.ElVisti) id WAA01138 for security@freebsd.org; Tue, 16 Jan 1996 22:55:53 +0200 From: "Andrew V. Stesin" Message-Id: <199601162055.WAA01138@office.elvisti.kiev.ua> Subject: Can ipfw in 2.1 handle overlapped fragments? To: security@freebsd.org Date: Tue, 16 Jan 1996 22:55:53 +0200 (EET) X-Mailer: ELM [version 2.4 PL24alpha5] Content-Type: text Sender: owner-security@freebsd.org Precedence: bulk Hello, dear security experts, I'm investigating the firewall wizardry now; while looking into /sys/netinet/ip_fw.c I got a question: Is my imagination that ipfw can't handle a fragmentation-based attack of kind when zero fragment is overwritten by the later one (with zero offset)? Or I'm too much of paranoid? Is upgrading ip_fw with the stuff from a "current" -stable worth the effort? Or maybe it's better to install some other firewall facility available from "external" source? (I know there are some). Thanks for your comments and suggestions! -- With best regards -- Andrew Stesin. +380 (44) 2760188 +380 (44) 2713457 +380 (44) 2713560 An undocumented feature is a coding error.