Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: FreeBSD packet filter (pf) DoS using fragments. SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
FreeBSD packet filter (pf) DoS using fragments.
FreeBSD announced a patch for a vulnerability that can trigger a kernel panic due to crafted fragments and their handling in pf(4).

Workrounds are available: do not use "scrub fragment crop" or "scrub fragment drop-ovl" in the pf.conf(5)

More information:
Swa Frantzen

760 Posts
Jan 25th 2006

Sign Up for Free or Log In to start participating in the conversation!