Re: Linux 2.0.33 vulnerability: oversized packets

From: Jon Lewis (jlewisat_private)
Date: Mon Apr 20 1998 - 22:34:52 PDT

    On Fri, 17 Apr 1998, Michal Zalewski wrote:
    
    > I'm not sure if it's known, but I haven't found anything about it.
    > No matter, there's something strange in net/ipv4/ip_fragment.h (it's
    > probably Alan's fault):
    >
    > if(len>65535)
    > {
    >         printk("Oversized IP packet from %s.\n", in_ntoa(qp->iph->saddr));
    
    Actually, I think I have to take credit for that.  I don't remember if the
    original (Alan's) patch printk'd at all (I don't think it did)...but I
    know I was the one who wanted to see claimed source addresses.  Believe it
    or not, I caught one of our own users trying to crash our mail server
    about an hour after adding the fix with the printk.  Can you say luserdel?
    
    Rather than use NETDEBUG to totally disable the printk, I think it might
    be more useful to put in some code to limit frequency of reporting...sort
    of like Solar Designer's secure-linux patch's security_alert() function
    does.
    
    ------------------------------------------------------------------
     Jon Lewis <jlewisat_private>  |
     Network Administrator       |
     Florida Digital Turnpike    |
    ______http://inorganic5.fdt.net/~jlewis/pgp for PGP public key____
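
The frequency-limiting idea from the message above, as an added example that is not part of the original post and is not taken from the kernel or from Solar Designer's patch: a user-space C program that lets a fixed burst of reports through per time window and then emits a single count of what was dropped. The names `ratelimit`, `ratelimit_ok` and `report_oversized`, the burst and interval values, and the source address are assumptions made for illustration.

```c
#include <stdio.h>
#include <time.h>

/* Hypothetical limiter: at most `burst` reports per `interval` seconds. */
struct ratelimit {
    time_t window_start;   /* when the current window opened */
    unsigned burst;        /* reports allowed per window (>= 1) */
    unsigned interval;     /* window length in seconds */
    unsigned printed;      /* reports emitted in this window */
    unsigned suppressed;   /* reports dropped in this window */
};

/* Returns 1 if the caller may log now, 0 if the event is dropped. On the first
 * event of a new window, *missed gets the count dropped in the previous one. */
int ratelimit_ok(struct ratelimit *rl, time_t now, unsigned *missed)
{
    *missed = 0;
    if (now - rl->window_start >= (time_t)rl->interval) {
        *missed = rl->suppressed;
        rl->window_start = now;
        rl->printed = rl->suppressed = 0;
    }
    if (rl->printed < rl->burst) {
        rl->printed++;
        return 1;
    }
    rl->suppressed++;
    return 0;
}

/* Stand-in for the printk() call site; returns the lines written. */
int report_oversized(struct ratelimit *rl, time_t now, const char *src)
{
    unsigned missed;
    if (!ratelimit_ok(rl, now, &missed)) return 0;
    if (missed)
        printf("(%u similar reports suppressed)\n", missed);
    printf("Oversized IP packet from %s.\n", src);
    return missed ? 2 : 1;
}

int main(void)
{
    struct ratelimit rl = { 0, 5, 60, 0, 0 };
    /* Constructed flood: 1000 events in 10 s from a documentation address. */
    for (int i = 0; i < 1000; i++)
        report_oversized(&rl, 1000 + i / 100, "192.0.2.1");
    report_oversized(&rl, 1100, "192.0.2.1");  /* next window: summary + report */
}
```

The summary line keeps the total number of events recoverable from the log even while individual reports are being dropped, so a flood cannot fill the log but also does not go unrecorded.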
    


