Date: Tue, 2 Mar 2004 11:18:01 -0600 (CST)
From: Mike Silbersack <silby@silby.com>
To: Darren Reed <avalon@caligula.anu.edu.au>
Cc: Stefan Bethke <stb@lassitu.de>
Subject: Re: mbuf vulnerability
Message-ID: <20040302111509.E12133@odysseus.silby.com>
In-Reply-To: <200403021613.i22GDcM8005592@caligula.anu.edu.au>
References: <200403021613.i22GDcM8005592@caligula.anu.edu.au>

On Wed, 3 Mar 2004, Darren Reed wrote:

> IPFilter v4 can prevent this attack with:
>
> pass in .. proto tcp ... keep state(strict)

Nope, I just tested this. Well, I should say that it doesn't provide any
protection with "keep state"... what does (strict) mean? The ipf in
FreeBSD doesn't seem to support it.

> > OpenBSD's pf scrubbing should be helpful here. From the FAQ:
> > > The scrub directive also reassembles fragmented packets, protecting
> > > some operating systems from some forms of attack.
> > <http://www.openbsd.org/faq/pf/scrub.html>
>
> Uh, no, "scrub" doesn't protect against this attack at all (or at least
> not according to that web page.)
>
> Darren

Also true, as this has nothing to do with ip fragments.

Mike "Silby" Silbersack