DoS: ANS Interlock Firewall

From: Chris A. Henesy (lurkerat_private)
Date: Thu Jul 09 1998 - 12:51:14 PDT

            This may be repeated information but a quick search of the
    archives didn't turn anything up, so here goes...
    
            There is a problem in the TCP/IP stack of ANS's Interlock Internet
    Firewall product.  Sending the correct series of packet fragments will
    cause the machine to reboot.  Below is part of a problem description
    provided by ANS.  A patch is available.
    
    >The 1st fragment contains all (or most) of the packet's payload and it
    >incorrectly indicates that no other fragments are coming (the IP
    >more fragment field is not set).  The next fragment is sent with a
    >zero length and uses the same packet identifier (indicating it's
    >another part of the earlier packet).  This packet also does not
    >indicate that more fragments are coming.  The result is a zero length
    >fragment arrives at the InterLock and gets processed by the Solaris
    >fragment handling code.  Unfortunately, the Solaris fragment timeout
    >handling code (which gets involved 60 seconds later) doesn't properly
    >handle the zero length fragment and it panics the box during cleanup.
    
            -The Lurker
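
A passive check for the fragment pattern in the ANS description above, as an added example that is not part of the original post or of ANS's patch. The function names, the constructed capture, and the 192.0.2.x documentation addresses are assumptions for illustration; the 60-second window is the timeout figure from the quoted text.

```python
import struct

REASSEMBLY_WINDOW = 60.0  # seconds: the timeout figure in the quoted description
REUSED_ID = "zero-length MF=0 packet reusing the IP ID of a completed datagram"
EMPTY_FRAG = "zero-length fragment"

def parse_ipv4(pkt):
    """Return (flow key, fragment offset in bytes, MF flag, payload length)."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (pkt[0] & 0x0F) * 4
    total_len, ident, flags_frag = struct.unpack("!HHH", pkt[2:8])
    if ihl < 20 or total_len < ihl:
        raise ValueError("inconsistent header or total length")
    key = (pkt[12:16], pkt[16:20], pkt[9], ident)  # src, dst, protocol, IP ID
    return key, (flags_frag & 0x1FFF) * 8, bool(flags_frag & 0x2000), total_len - ihl

def find_suspect_fragments(capture):
    """capture: iterable of (timestamp, raw IPv4 packet) -> [(index, reason)]."""
    completed = {}  # flow key -> time of the last data-bearing packet with MF clear
    findings = []
    for i, (ts, pkt) in enumerate(capture):
        key, offset, mf, plen = parse_ipv4(pkt)
        if plen > 0:
            if not mf:
                completed[key] = ts
            continue
        seen = completed.get(key)
        if not mf and seen is not None and ts - seen <= REASSEMBLY_WINDOW:
            findings.append((i, REUSED_ID))
        elif mf or offset:
            findings.append((i, EMPTY_FRAG))
    return findings

def sample_packet(ident, payload=b"", mf=False, offset=0):
    """Constructed test datagram between documentation addresses (checksum 0)."""
    flags_frag = (0x2000 if mf else 0) | (offset // 8)
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), ident, flags_frag,
                       64, 17, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2])) + payload

SAMPLE_CAPTURE = [  # constructed for this example, not taken from the advisory
    (0.0, sample_packet(0x1234, b"A" * 32)),            # carries the data, MF clear
    (0.5, sample_packet(0x1234)),                       # empty, same ID, MF clear
    (1.0, sample_packet(0x2222, b"B" * 16, mf=True)),   # ordinary first fragment
    (1.1, sample_packet(0x2222, b"C" * 8, offset=16)),  # ordinary last fragment
    (2.0, sample_packet(0x3333, offset=8)),             # empty fragment at an offset
    (100.0, sample_packet(0x1234)),                     # same ID, outside the window
]
```

Calling `find_suspect_fragments(SAMPLE_CAPTURE)` reports packets 1 and 4 only; the ordinary two-fragment datagram and the late ID reuse are left alone.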
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:02:42 PDT