i think so too. the packet is already in before it even reaches the filter code. but i think they fixed that up since kernel 2.0.3x pa. i remember that it was a big issue because so many unix platforms did not check the size of the illegally large icmp packets which make up the ping of death.
pong On Fri, 16 Nov 2001, Gerald Timothy quimpo wrote: > > Syn Floods, Ping floods, unless you deny icmp as well. If your > > kernel is old, ye old ping of death will do you.. > > i thought about that. but then i decided that if the kernel is > vulnerable (i.e., old) and (as in my setup), the firewall is not a > separate computer then the kernel will still get all those packets, > right? so when the ping of death comes, the box will die anyway > despite firewall icmp deny rules? > _ Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph To leave: send "unsubscribe" in the body to [EMAIL PROTECTED] To subscribe to the Linux Newbies' List: send "subscribe" in the body to [EMAIL PROTECTED]
