From owner-freebsd-security  Mon Sep  4 10:38:45 2000
Delivered-To: freebsd-security@freebsd.org
Received: from ns.yogotech.com (ns.yogotech.com [206.127.123.66])
	by hub.freebsd.org (Postfix) with ESMTP
	id B0B8D37B422; Mon,  4 Sep 2000 10:38:42 -0700 (PDT)
Received: from nomad.yogotech.com (nomad.yogotech.com [206.127.123.131])
	by ns.yogotech.com (8.9.3/8.9.3) with ESMTP id LAA09314;
	Mon, 4 Sep 2000 11:38:28 -0600 (MDT)
	(envelope-from nate@nomad.yogotech.com)
Received: (from nate@localhost)
	by nomad.yogotech.com (8.8.8/8.8.8) id LAA14631;
	Mon, 4 Sep 2000 11:38:28 -0600 (MDT)
	(envelope-from nate)
Date: Mon, 4 Sep 2000 11:38:28 -0600 (MDT)
Message-Id: <200009041738.LAA14631@nomad.yogotech.com>
From: Nate Williams <nate@yogotech.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
To: Bill Fumerola <billf@chimesnet.com>
Cc: Nate Williams <nate@yogotech.com>,
	Darren Reed <avalon@coombs.anu.edu.au>,
	Robert Watson <rwatson@FreeBSD.ORG>, Dragos Ruiu <dr@kyx.net>,
	cjclark@alum.mit.edu, "Crist J . Clark" <cjclark@reflexnet.net>,
	Nicolas <list@rachinsky.de>, freebsd-security@FreeBSD.ORG
Subject: Re: ipfw and fragments
In-Reply-To: <20000904133639.V33771@jade.chc-chimes.com>
References: <Pine.NEB.3.96L.1000903094614.69440A-100000@fledge.watson.org>
	<200009032010.HAA15013@cairo.anu.edu.au>
	<20000903173136.S33771@jade.chc-chimes.com>
	<200009040233.UAA12035@nomad.yogotech.com>
	<20000904133639.V33771@jade.chc-chimes.com>
X-Mailer: VM 6.34 under 19.16 "Lille" XEmacs Lucid
Reply-To: nate@yogotech.com (Nate Williams)
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> > > > It never reassembles and doesn't hold them in a buffer until they're
> > > > all received either.
> > > 
> > > Which I still think is the proper behavior for both ipfw and ipfilter.
> > 
> > I can think of some trivially easy DoS attacks if this is done...
> 
> I meant in my original message "I think the current behavior of holding
> not reassembling and not holding them in a buffer is the proper behavior
> for both ipfw and ipfilter".
> 
> I was agreeing with darrenr.

Oh.  Then I agree with you. :)


Nate
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message