Hi,
On Wed, Oct 11, 2006 at 12:21:06PM +0200, Jeremie Le Hen wrote:
> Hi,
>
> On Sun, Oct 01, 2006 at 12:30:22AM -0700, FreeBSD Security Officer wrote:
> > Users of FreeBSD 4.11 systems are also reminded that FreeBSD 4.11
> > will reach its End of Life at the end of January 2007 and that the
Hello,
While making some tests with fragmented UDP DNS responses (with
EDNS0), we discovered a possible problem with ipf and pf in FreeBSD
6.2 and 7.0 (200705 snapshot).
Our test is a DNS query to a DNSSEC-enabled server which replies with
a ~4KB UDP response. We do this with the following dig
Ok. I understand that, but in FreeBSD 4.11 it works and without the
"keep frags" the query is blocked. Is it just a misbehaviour of
an old ipf version?
And there is also the different behaviour of pf under OpenBSD. As I
understand, the "scrub" rule should reassemble the fragments and pass
the comp