[264] in linux-security and linux-alert archive
Fragmentation
daemon@ATHENA.MIT.EDU (Panzer Boy)
Mon Jun 19 14:01:56 1995
To: linux-security@tarsier.cv.nrao.edu
From: panzer@dhp.com (Panzer Boy)
Date: 15 Jun 1995 02:54:56 -0400
Anyone know about Linux's IP firewall ability concerning packet
fragmentation? It's currently the "hot thing" as even Ciscos are
vulnerable (if you don't have the current patch).
My guess is that it shouldn't be as the firewall code should be called
after all packets are reassembled, though I've learned to never assume
things when it comes to security.
Can either someone who has looked at the code (I haven't had a chance),
or has written part of it comment?
(PS: I have a basic version of skey support integrated in the
shadow3.3.2 system. This version of skey is taken directly from
log-daemon 4.9, and supports md4, md5, and also the skey.access file.
If you are interested in helping test out this version, please email me.)
--
-Matt (panzer@dhp.com) DI-1-9026
"That which can never be enforced should not be prohibited."