In message <CAABACD8BCAE7B4B8A7906EEDC9DEBC5024EFDCD@IAD-WPRD-XCHB01.corp.verio ..net>, "David DeSimone" <[email protected]> wrote: >Are you perhaps confusing IP Fragment Reassembly with the similar but >unrelated TCP Segment Reassembly? That's entirely possible. I have near zero experience with or understanding of either of these types of packet fragmentation. >My understanding is that TCP stacks normally try very hard not to >generate IP fragments in a TCP stream. > >It appears that this bug report relates only to TCP Reassembly, and has >nothing to do with IP Fragments. But perhaps I am misreading it? OK, so how would one block all incoming *TCP* fragments... you know... in order to render this specific security issue a non-issue? (I personally am already blocking inbound IP fragments viw ipfw.) _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "[email protected]"