Re: mbuf vulnerability

From: Mike Silbersack (silby_at_silby.com)
Date: 03/02/04

  • Next message: Stefan Bethke: "Re: mbuf vulnerability"
    Date: Tue, 2 Mar 2004 11:18:01 -0600 (CST)
    To: Darren Reed <avalon@caligula.anu.edu.au>
    
    

    On Wed, 3 Mar 2004, Darren Reed wrote:

    > IPFilter v4 can prevent this attack with:
    >
    > pass in .. proto tcp ... keep state(strict)

    Nope, I just tested this. Well, I should say that it doesn't provide any
    protection with "keep state"... what does (strict) mean? The ipf in
    FreeBSD doesn't seem to support it.

    > > OpenBSD's pf scrubbing should be helpful here. From the FAQ:
    > > > The scrub directive also reassembles fragmented packets, protecting
    > > > some operating systems from some forms of attack.
    > > <http://www.openbsd.org/faq/pf/scrub.html>
    >
    > Uh, no, "scrub" doesn't protect against this attack at all (or at least
    > not according to that web page.)
    >
    > Darren

    Also true, as this has nothing to do with ip fragments.

    Mike "Silby" Silbersack
    _______________________________________________
    freebsd-security@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-security
    To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"

