Best way to filter "Nachi pings"?
Brett Glass
brett at lariat.org
Mon Oct 27 18:05:58 PST 2003
At 12:22 PM 10/27/2003, Peter C. Lai wrote:
>Similarly, is there a reason that you wouldn't be able to use the less robust
>ipfw2 on your release (since I assume you'd be using it purely for its iplen
>capabilities)?
Look at some of the latest notes in the CVS database. They mention
use-after-free problems, security holes (unprivileged users can
manipulate the firewall), and other things you just wouldn't want
on a production system. The good news is that they scoured the code
quite thoroughly, and it seems to be solid now.
--Brett
More information about the freebsd-security
mailing list