Date: Mon, 4 Sep 2000 13:36:39 -0400 From: Bill Fumerola <billf@chimesnet.com> To: Nate Williams <nate@yogotech.com> Cc: Darren Reed <avalon@coombs.anu.edu.au>, Robert Watson <rwatson@FreeBSD.ORG>, Dragos Ruiu <dr@kyx.net>, cjclark@alum.mit.edu, "Crist J . Clark" <cjclark@reflexnet.net>, Nicolas <list@rachinsky.de>, freebsd-security@FreeBSD.ORG Subject: Re: ipfw and fragments Message-ID: <20000904133639.V33771@jade.chc-chimes.com> In-Reply-To: <200009040233.UAA12035@nomad.yogotech.com>; from nate@yogotech.com on Sun, Sep 03, 2000 at 08:33:53PM -0600 References: <Pine.NEB.3.96L.1000903094614.69440A-100000@fledge.watson.org> <200009032010.HAA15013@cairo.anu.edu.au> <20000903173136.S33771@jade.chc-chimes.com> <200009040233.UAA12035@nomad.yogotech.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, Sep 03, 2000 at 08:33:53PM -0600, Nate Williams wrote:
> > > It never reassembles and doesn't hold them in a buffer until they're
> > > all received either.
> >
> > Which I still think is the proper behavior for both ipfw and ipfilter.
>
> I can think of some trivially easy DoS attacks if this is done...
I meant in my original message "I think the current behavior of holding
not reassembling and not holding them in a buffer is the proper behavior
for both ipfw and ipfilter".
I was agreeing with darrenr.
--
Bill Fumerola - Network Architect, BOFH / Chimes, Inc.
billf@chimesnet.com / billf@FreeBSD.org
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000904133639.V33771>