mbuf vulnerability
Mike Silbersack
silby at silby.com
Tue Mar 2 09:18:04 PST 2004
On Wed, 3 Mar 2004, Darren Reed wrote:
> IPFilter v4 can prevent this attack with:
>
> pass in .. proto tcp ... keep state(strict)
Nope, I just tested this. Well, I should say that it doesn't provide any
protection with "keep state"... what does (strict) mean? The ipf in
FreeBSD doesn't seem to support it.
> > OpenBSD's pf scrubbing should be helpful here. From the FAQ:
> > > The scrub directive also reassembles fragmented packets, protecting
> > > some operating systems from some forms of attack.
> > <http://www.openbsd.org/faq/pf/scrub.html>
>
> Uh, no, "scrub" doesn't protect against this attack at all (or at least
> not according to that web page.)
>
> Darren
Also true, as this has nothing to do with ip fragments.
Mike "Silby" Silbersack