FreeBSD Security Advisory FreeBSD-SA-14:08.tcp
Ronald F. Guilmette
rfg at tristatelogic.com
Fri May 2 19:42:30 UTC 2014
In message <CAABACD8BCAE7B4B8A7906EEDC9DEBC5024EFDCD at IAD-WPRD-XCHB01.corp.verio
.net>, "David DeSimone" <ddesimone at verio.net> wrote:
>Are you perhaps confusing IP Fragment Reassembly with the similar but
>unrelated TCP Segment Reassembly?
That's entirely possible. I have near zero experience with or understanding
of either of these types of packet fragmentation.
>My understanding is that TCP stacks normally try very hard not to
>generate IP fragments in a TCP stream.
>
>It appears that this bug report relates only to TCP Reassembly, and has
>nothing to do with IP Fragments. But perhaps I am misreading it?
OK, so how would one block all incoming *TCP* fragments... you know...
in order to render this specific security issue a non-issue? (I personally
am already blocking inbound IP fragments viw ipfw.)
More information about the freebsd-security
mailing list