In message <caabacd8bcae7b4b8a7906eedc9debc5024ef...@iad-wprd-xchb01.corp.verio .net>, "David DeSimone" <[email protected]> wrote:
>Are you perhaps confusing IP Fragment Reassembly with the similar but >unrelated TCP Segment Reassembly? That's entirely possible. I have near zero experience with or understanding of either of these types of packet fragmentation. >My understanding is that TCP stacks normally try very hard not to >generate IP fragments in a TCP stream. > >It appears that this bug report relates only to TCP Reassembly, and has >nothing to do with IP Fragments. But perhaps I am misreading it? OK, so how would one block all incoming *TCP* fragments... you know... in order to render this specific security issue a non-issue? (I personally am already blocking inbound IP fragments viw ipfw.) _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "[email protected]"
