Date: Wed, 25 Feb 2015 18:21:58 +0100 From: Remko Lodder <remko@FreeBSD.org> To: Karl Pielorz <kpielorz_lst@tdx.co.uk> Cc: freebsd-security@freebsd.org Subject: Re: FreeBSD Security Advisory FreeBSD-SA-15:04.igmp (fwd) - ipfw fix? Message-ID: <1BE461E0-D2AC-4222-8D41-B7F97E83FD74@FreeBSD.org> In-Reply-To: <ABE6D1EBAF2F5AEB25D65407@[10.12.30.106]> References: <ABE6D1EBAF2F5AEB25D65407@[10.12.30.106]>
next in thread | previous in thread | raw e-mail | index | archive | help
--Apple-Mail=_8B5A2B00-5407-491B-9760-2C319F006544 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=us-ascii > On 25 Feb 2015, at 12:24, Karl Pielorz <kpielorz_lst@tdx.co.uk> wrote: >=20 >=20 > Hi, >=20 > Presumably if you don't need IGMP, ipfw can be used to mitigate this = on hosts until they're patched / rebooted, i.e. >=20 > ipfw add x deny igmp from any to any >=20 > ? This suggests that you can filter the traffic: Block incoming IGMP packets by protecting your host/networks with a = firewall. (Quote from the SA). Br, Remko >=20 > Thanks, >=20 > -Karl >=20 > ---------- Forwarded Message ---------- > Date: 25 February 2015 06:29 +0000 > From: FreeBSD Security Advisories <security-advisories@freebsd.org> > To: FreeBSD Security Advisories <security-advisories@freebsd.org> > Subject: FreeBSD Security Advisory FreeBSD-SA-15:04.igmp >=20 > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA512 >=20 > = =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= > =3D=3D FreeBSD-SA-15:04.igmp = Security > Advisory The > FreeBSD Project >=20 > Topic: Integer overflow in IGMP protocol >=20 > _______________________________________________ > freebsd-security@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-security > To unsubscribe, send any mail to = "freebsd-security-unsubscribe@freebsd.org" -- /"\ Best regards, | remko@FreeBSD.org \ / Remko Lodder | remko@EFnet X http://www.evilcoder.org/ | / \ ASCII Ribbon Campaign | Against HTML Mail and News --Apple-Mail=_8B5A2B00-5407-491B-9760-2C319F006544 Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=signature.asc Content-Type: application/pgp-signature; name=signature.asc Content-Description: Message signed with OpenPGP using GPGMail -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org iQIcBAEBAgAGBQJU7gS3AAoJEKjD27JZ84ywuWYQAKrK/VCC5CfTrftCoJXFF8vl MuB8/1dP8rooI3q0mHZ218gyggUhBC8vGEjKSa9exug6ME7PIxWAqNsGnTVYFkNo 8dzrRvXoy/sEaMNcCO6+9Mn3UP8OAYY9kJBe9UaWruXjsbqAnkETkVNaBJ18mZse GMZPKN93+E11cNBYWiAsZihCkjDTY4ixQjopt6AlcpRWVb9lkLwBsiH4XQOhe7C7 lIBuNGtq9jA0kpBU0FduxglquJCaBTY2wU1fKnOeqgVtT7sLaJ1NmELACJJzBWU8 Lh0ud8MQ8yiqLB6fLVfVLVIzX/jWTiVPvzgLs0p0UiP6I7YBPPHeOXSaQ87Kzkwj 146cT+YphCLuEnLS9MZp2xJ2pEvgw2390vyMecB0xcJhVlNhB+NB5rJxW+BJyx0Y UsqCeu7YFkOtZDiGzcuie+SnPdDmM28S8BSOy1UHhPz3tArdQfvqF25HMno6tW0L o6H+kLcdUeXCdMYZd7Kij2aQJRWnNt/ytsRfuzXa3nDBlMUmNSkZpJZ2DtcBJqUl zVI8iau9F+Ibhs/hxbSjtQ4f+IhOXyn5ZXCgx02xFFw/XBiDbLOSqeY2xkoTlL0m N5630f1d4gZ3gZtWiMfDYvnjX7SbCFO7az0LxvFOxxBqmkWf9KW2xrOwyRbrZSJ/ Li7GIzf8EsXd7ECCJ9Tm =9xR7 -----END PGP SIGNATURE----- --Apple-Mail=_8B5A2B00-5407-491B-9760-2C319F006544--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1BE461E0-D2AC-4222-8D41-B7F97E83FD74>