Re: mbuf vulnerability
From: Mike Silbersack (silby_at_silby.com)
Date: Tue, 2 Mar 2004 11:18:01 -0600 (CST)
To: Darren Reed <email@example.com>

On Wed, 3 Mar 2004, Darren Reed wrote:
> IPFilter v4 can prevent this attack with:
> pass in .. proto tcp ... keep state(strict)
Nope, I just tested this. Well, I should say that it doesn't provide any
protection with "keep state"... what does (strict) mean? The ipf in
FreeBSD doesn't seem to support it.
> > OpenBSD's pf scrubbing should be helpful here. From the FAQ:
> > > The scrub directive also reassembles fragmented packets, protecting
> > > some operating systems from some forms of attack.
> > <http://www.openbsd.org/faq/pf/scrub.html>
> Uh, no, "scrub" doesn't protect against this attack at all (or at least
> not according to that web page.)
Also true, as this has nothing to do with ip fragments.
Mike "Silby" Silbersack