mbuf vulnerability

Stefan Bethke stb at lassitu.de
Tue Mar 2 05:43:45 PST 2004

Am 01.03.2004 um 18:42 schrieb Mike Silbersack:
> A specially constructed stateful firewall could be constructed to deal
> with this DoS, but I'm certain that there's no way you could use ipf or
> anything preexisting to do the job.

OpenBSD's pf scrubbing should be helpful here. From the FAQ:
> The scrub directive also reassembles fragmented packets, protecting 
> some operating systems from some forms of attack.

Our port is only for 5.0 or newer, though.

Stefan Bethke <stb at lassitu.de>   Fon +49 170 346 0140

More information about the freebsd-security mailing list