From owner-freebsd-bugs@FreeBSD.ORG  Tue Apr 26 08:00:36 2005
Return-Path: <owner-freebsd-bugs@FreeBSD.ORG>
Delivered-To: freebsd-bugs@hub.freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id C3DBF16A4D3
	for <freebsd-bugs@hub.freebsd.org>;
	Tue, 26 Apr 2005 08:00:36 +0000 (GMT)
Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 4E1F743D6B
	for <freebsd-bugs@hub.freebsd.org>;
	Tue, 26 Apr 2005 08:00:35 +0000 (GMT)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1])
	by freefall.freebsd.org (8.13.3/8.13.3) with ESMTP id j3Q80YIN045471
	for <freebsd-bugs@freefall.freebsd.org>; Tue, 26 Apr 2005 08:00:34 GMT
	(envelope-from gnats@freefall.freebsd.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.13.3/8.13.1/Submit) id j3Q80YIf045470;
	Tue, 26 Apr 2005 08:00:34 GMT
	(envelope-from gnats)
Resent-Date: Tue, 26 Apr 2005 08:00:34 GMT
Resent-Message-Id: <200504260800.j3Q80YIf045470@freefall.freebsd.org>
Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer)
Resent-To: freebsd-bugs@FreeBSD.org
Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org,
	realsight <realsight@nm.ru>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 18A7016A4CE
	for <freebsd-gnats-submit@FreeBSD.org>;
	Tue, 26 Apr 2005 07:52:52 +0000 (GMT)
Received: from www.freebsd.org (www.freebsd.org [216.136.204.117])
	by mx1.FreeBSD.org (Postfix) with ESMTP id DF79A43D4C
	for <freebsd-gnats-submit@FreeBSD.org>;
	Tue, 26 Apr 2005 07:52:51 +0000 (GMT)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by www.freebsd.org (8.13.1/8.13.1) with ESMTP id j3Q7qpRa021259
	for <freebsd-gnats-submit@FreeBSD.org>; Tue, 26 Apr 2005 07:52:51 GMT
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.13.1/8.13.1/Submit) id j3Q7qp8n021258;
	Tue, 26 Apr 2005 07:52:51 GMT
	(envelope-from nobody)
Message-Id: <200504260752.j3Q7qp8n021258@www.freebsd.org>
Date: Tue, 26 Apr 2005 07:52:51 GMT
From: realsight <realsight@nm.ru>
To: freebsd-gnats-submit@FreeBSD.org
X-Send-Pr-Version: www-2.3
Subject: misc/80354: Path MTU discovery ICMP NATD BSD 6.0 crash
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
	<mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
	<mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 26 Apr 2005 08:00:37 -0000


>Number:         80354
>Category:       misc
>Synopsis:       Path MTU discovery ICMP NATD BSD 6.0 crash
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Apr 26 08:00:34 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator:     realsight
>Release:        free BSD 6.0
>Organization:
>Environment:
kernel custom FreeBSD 6.0 
custom kernel options are:
IPFIREWALL
DUMMYNET
IPDIVERT

>Description:
after sending serval icmp malfromed packets related to Path MTU discovery attack freebsd crashes due the fact of consuming large amounts of cpu and memory resources, tested as an throughput of NATD 

related infos:
http://www.gont.com.ar/drafts/icmp-attacks-against-tcp.html

da
cu

>How-To-Repeat:
      
>Fix:
      
>Release-Note:
>Audit-Trail:
>Unformatted: