Date: Mon, 4 Sep 2000 13:36:39 -0400 From: Bill Fumerola <billf@chimesnet.com> To: Nate Williams <nate@yogotech.com> Cc: Darren Reed <avalon@coombs.anu.edu.au>, Robert Watson <rwatson@FreeBSD.ORG>, Dragos Ruiu <dr@kyx.net>, cjclark@alum.mit.edu, "Crist J . Clark" <cjclark@reflexnet.net>, Nicolas <list@rachinsky.de>, freebsd-security@FreeBSD.ORG Subject: Re: ipfw and fragments Message-ID: <20000904133639.V33771@jade.chc-chimes.com> In-Reply-To: <200009040233.UAA12035@nomad.yogotech.com>; from nate@yogotech.com on Sun, Sep 03, 2000 at 08:33:53PM -0600 References: <Pine.NEB.3.96L.1000903094614.69440A-100000@fledge.watson.org> <200009032010.HAA15013@cairo.anu.edu.au> <20000903173136.S33771@jade.chc-chimes.com> <200009040233.UAA12035@nomad.yogotech.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, Sep 03, 2000 at 08:33:53PM -0600, Nate Williams wrote: > > > It never reassembles and doesn't hold them in a buffer until they're > > > all received either. > > > > Which I still think is the proper behavior for both ipfw and ipfilter. > > I can think of some trivially easy DoS attacks if this is done... I meant in my original message "I think the current behavior of holding not reassembling and not holding them in a buffer is the proper behavior for both ipfw and ipfilter". I was agreeing with darrenr. -- Bill Fumerola - Network Architect, BOFH / Chimes, Inc. billf@chimesnet.com / billf@FreeBSD.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000904133639.V33771>