Date: Fri, 20 Jun 2025 10:03:19 +0000
From: bugzilla-noreply@freebsd.org
To: net@FreeBSD.org
Subject: [Bug 287229] IP reassembly issue in FreeBSD 14.1
Message-ID: <bug-287229-7501-n8aHsUtONg@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-287229-7501@https.bugs.freebsd.org/bugzilla/>
References: <bug-287229-7501@https.bugs.freebsd.org/bugzilla/>
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=287229

--- Comment #24 from Lucas Aubard <lucas.aubard@irisa.fr> ---
(In reply to Michael Tuexen from comment #18)

Thanks for the details!

We are currently working on Network Intrusion Detection Systems (NIDS) evasion with overlapping IP fragments or TCP segments.
Some NIDSes (Suricata, Snort) propose configuring their IP and TCP reassemblies based on the supervised host OSes as an evasion countermeasure to overlapping-based attacks. In that context, we test OSes (and other stacks) to obtain and describe their reassembly policies so NIDSes can implement and propose them.
From a NIDS perspective, OS reassembly consistency is thus quite important.
We recently wrote a paper on that subject https://arxiv.org/pdf/2504.21618 (that will appear at DIMVA'25) if you want more details.

The 40 processes do not correspond to any particular real situation I would try to reproduce. As I mentioned, I test OS VMs simultaneously if possible, and 40 processes is a good tradeoff between the time it takes for the entire experiment to finish and the number of VMs I can run in parallel.

-- 
You are receiving this mail because:
You are on the CC list for the bug.