mbuf vulnerability

Mike Silbersack silby at silby.com
Tue Mar 2 09:18:04 PST 2004


On Wed, 3 Mar 2004, Darren Reed wrote:

> IPFilter v4 can prevent this attack with:
>
> pass in .. proto tcp ... keep state(strict)

Nope, I just tested this.  Well, I should say that it doesn't provide any
protection with "keep state"... what does (strict) mean?  The ipf in
FreeBSD doesn't seem to support it.

> > OpenBSD's pf scrubbing should be helpful here. From the FAQ:
> > > The scrub directive also reassembles fragmented packets, protecting
> > > some operating systems from some forms of attack.
> > <http://www.openbsd.org/faq/pf/scrub.html>
>
> Uh, no, "scrub" doesn't protect against this attack at all (or at least
> not according to that web page.)
>
> Darren

Also true, as this has nothing to do with ip fragments.

Mike "Silby" Silbersack

