Date: Mon, 4 Sep 2000 11:38:28 -0600 (MDT) From: Nate Williams <nate@yogotech.com> To: Bill Fumerola <billf@chimesnet.com> Cc: Nate Williams <nate@yogotech.com>, Darren Reed <avalon@coombs.anu.edu.au>, Robert Watson <rwatson@FreeBSD.ORG>, Dragos Ruiu <dr@kyx.net>, cjclark@alum.mit.edu, "Crist J . Clark" <cjclark@reflexnet.net>, Nicolas <list@rachinsky.de>, freebsd-security@FreeBSD.ORG Subject: Re: ipfw and fragments Message-ID: <200009041738.LAA14631@nomad.yogotech.com> In-Reply-To: <20000904133639.V33771@jade.chc-chimes.com> References: <Pine.NEB.3.96L.1000903094614.69440A-100000@fledge.watson.org> <200009032010.HAA15013@cairo.anu.edu.au> <20000903173136.S33771@jade.chc-chimes.com> <200009040233.UAA12035@nomad.yogotech.com> <20000904133639.V33771@jade.chc-chimes.com>
next in thread | previous in thread | raw e-mail | index | archive | help
> > > > It never reassembles and doesn't hold them in a buffer until they're > > > > all received either. > > > > > > Which I still think is the proper behavior for both ipfw and ipfilter. > > > > I can think of some trivially easy DoS attacks if this is done... > > I meant in my original message "I think the current behavior of holding > not reassembling and not holding them in a buffer is the proper behavior > for both ipfw and ipfilter". > > I was agreeing with darrenr. Oh. Then I agree with you. :) Nate > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200009041738.LAA14631>