From owner-cvs-all Sun Dec 17 2: 7:50 2000 From owner-cvs-all@FreeBSD.ORG Sun Dec 17 02:07:47 2000 Return-Path: Delivered-To: cvs-all@freebsd.org Received: from critter.freebsd.dk (flutter.freebsd.dk [212.242.40.147]) by hub.freebsd.org (Postfix) with ESMTP id 60F9F37B400; Sun, 17 Dec 2000 02:07:46 -0800 (PST) Received: from critter (localhost [127.0.0.1]) by critter.freebsd.dk (8.11.1/8.11.1) with ESMTP id eBHA7if17661; Sun, 17 Dec 2000 11:07:45 +0100 (CET) (envelope-from phk@critter.freebsd.dk) To: Kris Kennaway Cc: jesper@skriver.dk, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org, security-officer@FreeBSD.org Subject: Re: cvs commit: src/sys/netinet ip_icmp.c tcp_subr.c tcp_var.h In-Reply-To: Your message of "Sun, 17 Dec 2000 01:54:14 PST." <20001217015414.A18302@citusc.usc.edu> Date: Sun, 17 Dec 2000 11:07:44 +0100 Message-ID: <17659.977047664@critter> From: Poul-Henning Kamp Sender: owner-cvs-all@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG In message <20001217015414.A18302@citusc.usc.edu>, Kris Kennaway writes: >The attack I'm thinking of involves flooding a machine with (possibly >spoofed) ICMP packets which would effectively deny the ability for >that machine to connect to its destination. To quote Bruce "we have better panic(8) implementations that that". >If this attack is possible then I'm unhappy having this code in >FreeBSD, even disabled by default..RFC be damned :-) I'll let Jesper defend his own code, he's CC'ed... -- Poul-Henning Kamp | UNIX since Zilog Zeus 3.20 phk@FreeBSD.ORG | TCP/IP since RFC 956 FreeBSD committer | BSD since 4.3-tahoe Never attribute to malice what can adequately be explained by incompetence. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message