List Info

Thread: ping of death
ping of death
country flaguser name
United States		 2007-08-30 14:12:19 
Nessus give it to me:

Mensagem: 
The machine crashed when pinged with an incorrectly
fragmented packet.
This is known as the 'jolt' or 'ping of death' denial of
service attack.

An attacker may use this flaw to shut down this server,
thus preventing you from working properly.

Solution : contact your operating system vendor for a patch.



 

How can i fix this using pf ??

thanks
Lorenz



      Flickr agora em português. Você clica, todo mundo vê.
http://www.flickr.com.br/
_______________________________________________
freebsd-pffreebsd.org mailing list

http://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to
"freebsd-pf-unsubscribefreebsd.org"
Re: ping of death
country flaguser name
Germany		 2007-08-30 15:22:39 
On Thursday 30 August 2007, Lorenz Helleis wrote:
> Nessus give it to me:
>
> Mensagem:
> The machine crashed when pinged with an incorrectly
fragmented packet.
> This is known as the 'jolt' or 'ping of death' denial
of service
> attack.
>
> An attacker may use this flaw to shut down this
server,
> thus preventing you from working properly.
>
> Solution : contact your operating system vendor for a
patch.
>
> How can i fix this using pf ??

basic scrubbing will take care of the classic 'ping of
death':

        /* Respect maximum length */
        if (fragoff + ip_len > IP_MAXPACKET) {
                DPFPRINTF(("max packet %dn",
fragoff + ip_len));
                goto bad;
        }

so 

	scrub in on $ext_if 

should keep you save.

-- 
/"  Best regards,                      | mlaierfreebsd.org
 /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.l
ove2party.net/  | mlaierEFnet
/   ASCII Ribbon Campaign              | Against HTML Mail
and News
Re: ping of death
user name
 2007-08-30 15:05:50 
On 8/30/07, Lorenz Helleis <lorenzhelleisyahoo.com.br> wrote:
> Nessus give it to me:
>
> Mensagem:
> The machine crashed when pinged with an incorrectly
fragmented packet.
> This is known as the 'jolt' or 'ping of death' denial
of service attack.
>
> An attacker may use this flaw to shut down this
server,
> thus preventing you from working properly.
>
> Solution : contact your operating system vendor for a
patch.
>
> How can i fix this using pf ??
>

You'll have to be a whole lot more specific - did a machine
actually
crash? If not, that's a false positive from Nessus.  If so,
what
machine crashed? One running FreeBSD with pf? One behind a
firewall
running FreeBSD with pf?

-Chris
_______________________________________________
freebsd-pffreebsd.org mailing list

http://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to
"freebsd-pf-unsubscribefreebsd.org"
[1-3]

about | contact  Other archives ( Real Estate discussion Medical topics )