[Bug 287229] IP reassembly issue in FreeBSD 14.1
Date: Fri, 20 Jun 2025 10:03:19 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=287229

--- Comment #24 from Lucas Aubard <lucas.aubard@irisa.fr> ---
(In reply to Michael Tuexen from comment #18)

Thanks for the details!

We are currently working on Network Intrusion Detection Systems (NIDS) evasion with overlapping IP fragments or TCP segments. Some NIDSes (Suricata, Snort) propose configuring their IP and TCP reassemblies based on the supervised host OSes as an evasion countermeasure to overlapping-based attacks. In that context, we test OSes (and other stacks) to obtain and describe their reassembly policies so NIDSes can implement and propose them. From a NIDS perspective, OS reassembly consistency is thus quite important. We recently wrote a paper on that subject https://arxiv.org/pdf/2504.21618 (that will appear at DIMVA'25) if you want more details.

The 40 processes do not correspond to any particular real situation I would try to reproduce. As I mentioned, I test OS VMs simultaneously if possible, and 40 processes is a good tradeoff between the time it takes for the entire experiment to finish and the number of VMs I can run in parallel.