stb at lassitu.de
Tue Mar 2 05:43:45 PST 2004
Am 01.03.2004 um 18:42 schrieb Mike Silbersack:
> A specially constructed stateful firewall could be constructed to deal
> with this DoS, but I'm certain that there's no way you could use ipf or
> anything preexisting to do the job.
OpenBSD's pf scrubbing should be helpful here. From the FAQ:
> The scrub directive also reassembles fragmented packets, protecting
> some operating systems from some forms of attack.
Our port is only for 5.0 or newer, though.
Stefan Bethke <stb at lassitu.de> Fon +49 170 346 0140
More information about the freebsd-security