FreeBSD Security Advisory FreeBSD-SA-14:08.tcp

Fri May 2 15:16:52 UTC 2014

"Ronald F. Guilmette" <rfg at tristatelogic.com> writes:

> I also have a question....
>
> If one manages a system where (a) all local user accounts are completely
> and 100% trustworthy and where (b) one has in place ipfw rules which reject
> all incoming packet *fragments* on all outward-facing interfaces, then is
> this security problem (relating to the reassembly queue) an issue at all
> for said system?  Or is it rather a non-event in such contexts?

That should keep you safe, but it will break some legitimate
connections, not to mention MTU discovery.