mbuf vulnerability

[Stefan Bethke]

Am 01.03.2004 um 18:42 schrieb Mike Silbersack:
> A specially constructed stateful firewall could be constructed to deal
> with this DoS, but I'm certain that there's no way you could use ipf or
> anything preexisting to do the job.

OpenBSD's pf scrubbing should be helpful here. From the FAQ:
> The scrub directive also reassembles fragmented packets, protecting 
> some operating systems from some forms of attack.
<http://www.openbsd.org/faq/pf/scrub.html>

Our port is only for 5.0 or newer, though.

-- 
Stefan Bethke <stb at lassitu.de>   Fon +49 170 346 0140