Re: Default behaviour of IP Options processing

2004-05-07 Thread Jacques A. Vidrine
On Fri, May 07, 2004 at 05:07:53AM +0400, Maxim Konovalov wrote: > I hope you are not going to turn off ip fragmentation/reassembling by > default to make SO happy, aren't you? I know you are being sarcastic, but: that wouldn't make the SO happy. Cheers, -- Jacques Vidrine / [EMAIL PROTECTED] / [

Re: Default behaviour of IP Options processing

2004-05-07 Thread Jacques A. Vidrine
On Fri, May 07, 2004 at 09:51:00AM +0200, Martin Stiemerling wrote: > Anyway, setting the default to reject packets is IMHO not > a good idea, After a night's sleep, I also agree. Emitting ICMP messages is probably a bad, bad default. Cheers, -- Jacques Vidrine / [EMAIL PROTECTED] / [EMAIL PRO

Re: Default behaviour of IP Options processing

2004-05-06 Thread Jacques A. Vidrine
On Thu, May 06, 2004 at 09:16:03PM +0200, Andre Oppermann wrote: > I have just committed the attached change to ip_input() to control the > behaviour of IP Options processing. The default is the unchanged > current behaviour. > > However I want to propose to change the default from processing opt

Fwd: [IPv4 fragmentation --> The Rose Attack]

2004-03-31 Thread Jacques A. Vidrine
- Forwarded message from [EMAIL PROTECTED] - Date: Tue, 30 Mar 2004 22:18:05 -0600 From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: IPv4 fragmentation --> The Rose Attack Message-ID: <[EMAIL PROTECTED]> Greetings and Salutations: While this discussion pertains to IPv4, IPv6 also a

Fwd: [is this mbuf problem real?]

2004-02-18 Thread Jacques A. Vidrine
Does anyone have time to investigate? I will try to get more information from iDEFENSE. Cheers, -- Jacques Vidrine / [EMAIL PROTECTED] / [EMAIL PROTECTED] / [EMAIL PROTECTED] - Forwarded message from Baby Peanut <[EMAIL PROTECTED]> - Date: Wed, 18 Feb 2004 06:21:25 -0800 (PST) From: Ba

Re: Controlling ports used by natd

2003-12-12 Thread Jacques A. Vidrine
On Fri, Dec 12, 2003 at 04:20:04PM -0700, Brett Glass wrote: > It'd be nice to restrict which ports the OS > allowed apps to use, not only so that they don't get blocked by a firewall > but so that a worm that's gotten into the system is detected. (You could set > off an alarm if it tried to bind a

Re: Controlling ports used by natd

2003-12-12 Thread Jacques A. Vidrine
On Thu, Dec 11, 2003 at 08:12:49PM -0700, Brett Glass wrote: > Is there a way to control the range of ports to which FreeBSD's > natd maps outgoing connections? I'm attempting to deal with a > situation in which natd is (sometimes) changing outgoing UDP > packets' source port numbers to ones which

Re: Alternative fix for FreeBSD-SA-03:14.arp

2003-09-26 Thread Jacques A. Vidrine
On Fri, Sep 26, 2003 at 04:23:49PM +0100, Bruce M Simpson wrote: > Hi, > > Based on discussion between ru@ and I, there's a patch attached which > tries to fix the problem without deleting GENMASK routes, and is > stricter about not touching STATIC routes. > > Comments and reviews solicited, appr

possible DoS in dc driver

2003-01-21 Thread Jacques A. Vidrine
Long, long ago, someone reported a dc driver bug. However, a couple of us have tried and failed to reproduce the problem. I thought I'd bounce the issue here before completely forgetting about it. Cheers, -- Jacques A. Vidrine <[EMAIL PROTECTED]> http://www.cela

network device drivers and information leak?

2003-01-07 Thread Jacques A. Vidrine
Might FreeBSD suffer from this issue? Do all our drivers pad packets with zero octets properly? http://www.kb.cert.org/vuls/id/412115 http://www.atstake.com/research/advisories/2003/atstake_etherleak_report.pdf Cheers, -- Jacques A. Vidrine <[EMAIL PROTECTED]> http://www.cela

Re: cvs commit: src/sys/netinet ip_icmp.c tcp_subr.c tcp_var.h

2000-12-17 Thread Jacques A. Vidrine
On Sun, Dec 17, 2000 at 10:08:52PM +0100, Jesper Skriver wrote: > >(2) These same messages are not handled for connections not in > >SYN-SENT: they ought to be > > Well, yes, but the real problem is when sessions are setup, the reason I > only configured it to affect sessions in SYN-S

Re: cvs commit: src/sys/netinet ip_icmp.c tcp_subr.c tcp_var.h

2000-12-17 Thread Jacques A. Vidrine
[Moved to freebsd-net] On Sun, Dec 17, 2000 at 09:59:14AM -0600, Jacques A. Vidrine wrote: > On Sun, Dec 17, 2000 at 10:24:12AM +0100, Poul-Henning Kamp wrote: > > In message <[EMAIL PROTECTED]>, Kris Kennaway writes: > > >This sounds like a security hole since ICMP m