Date: Thu, 30 Aug 2007 22:22:39 +0200
From: Max Laier <max@love2party.net>
To: freebsd-pf@freebsd.org
Subject: Re: ping of death
Message-ID: <200708302222.50629.max@love2party.net>
In-Reply-To: <107702.63851.qm@web53701.mail.re2.yahoo.com>
References: <107702.63851.qm@web53701.mail.re2.yahoo.com>

On Thursday 30 August 2007, Lorenz Helleis wrote:
> Nessus gives it to me:
>
> Mensagem:
> The machine crashed when pinged with an incorrectly fragmented packet.
> This is known as the 'jolt' or 'ping of death' denial of service
> attack.
>
> An attacker may use this flaw to shut down this server,
> thus preventing you from working properly.
>
> Solution : contact your operating system vendor for a patch.
>
> How can I fix this using pf?

Basic scrubbing will take care of the classic 'ping of death':

    /* Respect maximum length */
    if (fragoff + ip_len > IP_MAXPACKET) {
        DPFPRINTF(("max packet %d\n", fragoff + ip_len));
        goto bad;
    }

so

    scrub in on $ext_if

should keep you safe.

--
/"\  Best regards,                      | mlaier@freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News
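
The length check quoted in the reply above, as a stand-alone added example (not code from the original message or from pf itself): it applies the same `fragoff + ip_len > IP_MAXPACKET` comparison to raw IPv4 header bytes. The function name `check_fragment`, the verdict enum and the sample headers are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define IP_MAXPACKET 65535   /* largest legal IPv4 datagram, in bytes */
#define IP_OFFMASK   0x1fff  /* fragment-offset bits of the flags/offset field */

enum frag_verdict { FRAG_OK = 0, FRAG_MALFORMED = 1, FRAG_TOO_LONG = 2 };

/* Hypothetical helper: classify one IPv4 fragment from its raw header bytes. */
enum frag_verdict check_fragment(const uint8_t *hdr, size_t caplen)
{
    if (caplen < 20 || (hdr[0] >> 4) != 4)
        return FRAG_MALFORMED;
    uint32_t hlen = (uint32_t)(hdr[0] & 0x0f) << 2;      /* header length in bytes */
    uint32_t tot_len = ((uint32_t)hdr[2] << 8) | hdr[3]; /* total length, network order */
    uint32_t off_fld = ((uint32_t)hdr[6] << 8) | hdr[7]; /* flags + fragment offset */
    if (hlen < 20 || hlen > caplen || tot_len < hlen)
        return FRAG_MALFORMED;
    uint32_t fragoff = (off_fld & IP_OFFMASK) << 3;      /* offset counts 8-byte units */
    uint32_t ip_len = tot_len - hlen;                    /* payload carried by this fragment */
    /* Same comparison as the quoted check: no data may land past the maximum. */
    if (fragoff + ip_len > IP_MAXPACKET)
        return FRAG_TOO_LONG;
    return FRAG_OK;
}

/* Constructed sample headers (documentation addresses, checksum left at 0). */
static const uint8_t ok_frag[20] = {   /* MF set, offset 185*8 = 1480, 1480-byte payload */
    0x45, 0x00, 0x05, 0xdc, 0x12, 0x34, 0x20, 0xb9, 0x40, 0x01,
    0x00, 0x00, 192, 0, 2, 1, 192, 0, 2, 2 };
static const uint8_t edge_frag[20] = { /* offset 65528, 7-byte payload: ends at 65535 */
    0x45, 0x00, 0x00, 0x1b, 0x12, 0x34, 0x1f, 0xff, 0x40, 0x01,
    0x00, 0x00, 192, 0, 2, 1, 192, 0, 2, 2 };
static const uint8_t bad_frag[20] = {  /* offset 65528, 400-byte payload: ends at 65928 */
    0x45, 0x00, 0x01, 0xa4, 0x12, 0x34, 0x1f, 0xff, 0x40, 0x01,
    0x00, 0x00, 192, 0, 2, 1, 192, 0, 2, 2 };

int main(void)
{
    printf("ok_frag:   %d\n", check_fragment(ok_frag, sizeof ok_frag));
    printf("edge_frag: %d\n", check_fragment(edge_frag, sizeof edge_frag));
    printf("bad_frag:  %d\n", check_fragment(bad_frag, sizeof bad_frag));
    return 0;
}
```

The edge case shows the boundary: a last fragment whose data ends exactly at byte 65535 is still legal, one byte more is not.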
