From owner-freebsd-security  Mon Jan 10 22: 5:18 2000
Delivered-To: freebsd-security@freebsd.org
Received: from cairo.anu.edu.au (cairo.anu.edu.au [150.203.224.11])
	by hub.freebsd.org (Postfix) with ESMTP id 9354E15431
	for <freebsd-security@FreeBSD.ORG>; Mon, 10 Jan 2000 22:05:03 -0800 (PST)
	(envelope-from avalon@cairo.anu.edu.au)
Received: (from avalon@localhost)
	by cairo.anu.edu.au (8.9.3/8.9.3) id RAA07943;
	Tue, 11 Jan 2000 17:04:31 +1100 (EST)
From: Darren Reed <avalon@coombs.anu.edu.au>
Message-Id: <200001110604.RAA07943@cairo.anu.edu.au>
Subject: Re: Ensuring packet defragmentation in FreeBSD?
To: jwyatt@rwsystems.net (James Wyatt)
Date: Tue, 11 Jan 2000 17:04:31 +1100 (Australia/NSW)
Cc: freebsd-security@FreeBSD.ORG
In-Reply-To: <Pine.BSF.4.10.10001062317370.24561-100000@bsdie.rwsystems.net> from "James Wyatt" at Jan 06, 2000 11:23:02 PM
X-Mailer: ELM [version 2.5 PL1]
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

In some mail from James Wyatt, sie said:
> 
> I've been looking at sevral programs to help test client setups and
> learning how they work. I noticed in the nmap manpage, it states:
> 
> 	"...this method won't get by packet filters and firewalls that
> 	queue all IP fragments (like the CONFIG_IP_ALWAYS_DEFRAG option
> 	in the Linux kernel),..."
> 
> Does FreeBSD queue packet fragments and/or reassemble them in a way I can
> detect this probing by fragmented packets? Which files should I look in?

You don't really want to do this anyway...the current maintainer of
the linux firewalling code has made some nasty comments about the
side effects of this behaviour.

Darren


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message