"Ronald F. Guilmette" <rfg@tristatelogic.com> writes: > I also have a question.... > > If one manages a system where (a) all local user accounts are completely > and 100% trustworthy and where (b) one has in place ipfw rules which reject > all incoming packet *fragments* on all outward-facing interfaces, then is > this security problem (relating to the reassembly queue) an issue at all > for said system? Or is it rather a non-event in such contexts? That should keep you safe, but it will break some legitimate connections, not to mention MTU discovery. _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"