Re: [URGENT ASSISTANCE REQUESTED] production machines dying

Alan Cox (alan@lxorguk.ukuu.org.uk)
Mon, 24 Nov 1997 22:12:56 +0000 (GMT)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Bernhard Rosenkraenzer: "[2.1.65] include net/if.h bug"
Previous message: Alan Cox: "Re: [URGENT ASSISTANCE REQUESTED] production machines dying"

> Could we truly be a victim of this bug, even with firewall rules in effect
> that reject everything except nntp connections from specific hosts?

Because you said "defragment all packets" yes. In that mode it defragments
them and explodes before it firewalls.

Normally this is rational. Assembling the frame first allows a firewall
module to make more complex decisions and do things like context
analysis of NFS frames for example.

Alan

Next message: Bernhard Rosenkraenzer: "[2.1.65] include net/if.h bug"
Previous message: Alan Cox: "Re: [URGENT ASSISTANCE REQUESTED] production machines dying"