On Wed, Mar 03, 2004 at 11:40:03AM +0200, Mark Bojara wrote: > Just a quick question. I am doing scrub on my upstream OpenBSD server. > Will this work as a temporary workaround for this security flaw (below) > in FreeBSD?
No, scrub does IP reassembly (assembling IP fragments into complete IP packets). But the problem you refer to is about out-of-order TCP segments. It's a somewhat similar scheme (TCP reassembly does something similar to IP reassembly), but on a different level. I think doing this in pf scrub for TCP segments is still on the todo list (or once was, at least) ;) Daniel
