This may be repeated information but a quick search of the archives didn't turn anything up, so here goes...

There is a problem in the TCP/IP stack of ANS's Interlock Internet Firewall product. Sending the correct series of packet fragments will cause the machine to reboot. Below is part of a problem description provided by ANS. A patch is available.

>The 1st fragment contains all (or most) of the packet's payload and it
>incorrectly indicates that no other fragments are coming (the IP
>more fragment field is not set). The next fragment is sent with a
>zero length and uses the same packet identifier (indicating it's
>another part of the earlier packet). This packet also does not
>indicate that more fragments are coming. The result is a zero length
>fragment arrives at the InterLock and gets processed by the Solaris
>fragment handling code. Unfortunately, the Solaris fragment timeout
>handling code (which gets involved 60 seconds later) doesn't properly
>handle the zero length fragment and it panics the box during cleanup.

-The Lurker
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:02:42 PDT
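A filter-side check for the fragment pattern in the ANS description, added here as an example; it is not part of the original post or of the ANS patch. It flags an IPv4 packet with zero payload that is either marked as a fragment or reuses the ID of a datagram that already ended with MF clear. The function names, the 60-second tracking window, the sample addresses and the 8-byte offset in the second sample are assumptions, since the description does not give the offset.

```python
import struct
from collections import namedtuple

Frag = namedtuple("Frag", "key payload_len offset more_fragments")
REASSEMBLY_WINDOW = 60.0  # seconds, matching the fragment timeout in the description

# Constructed sample packets (documentation addresses, checksum left at zero).
SAMPLE_FIRST = bytes.fromhex("4500001c1234000040110000c0000201c0000202") + bytes(8)
SAMPLE_ZERO = bytes.fromhex("450000141234000140110000c0000201c0000202")  # offset 8 assumed
SAMPLE_OTHER = bytes.fromhex("4500001c1235000040110000c0000201c0000202") + bytes(8)

def parse_ipv4(pkt: bytes) -> Frag:
    """Extract the fragmentation-relevant fields from a raw IPv4 header."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (pkt[0] & 0x0F) * 4
    total_len, ident, flags_off = struct.unpack("!HHH", pkt[2:8])
    if ihl < 20 or total_len < ihl:
        raise ValueError("inconsistent header length / total length")
    key = (pkt[12:16], pkt[16:20], pkt[9], ident)  # src, dst, protocol, ID
    return Frag(key, total_len - ihl,
                (flags_off & 0x1FFF) * 8, bool(flags_off & 0x2000))

def inspect(pkt: bytes, finals: dict, now: float) -> list:
    """Return reasons to drop the packet; `finals` maps datagram key -> time
    a packet with MF clear was last accepted for that key."""
    f = parse_ipv4(pkt)
    reasons = []
    if f.payload_len == 0:
        if f.more_fragments or f.offset > 0:
            reasons.append("zero-length fragment")
        seen = finals.get(f.key)
        if seen is not None and now - seen <= REASSEMBLY_WINDOW:
            reasons.append("zero-length packet reuses ID of a datagram that ended (MF=0)")
    if not f.more_fragments and not reasons:
        finals[f.key] = now  # remember accepted final/unfragmented packets only
    return reasons

if __name__ == "__main__":
    finals = {}
    for t, pkt in enumerate((SAMPLE_FIRST, SAMPLE_ZERO, SAMPLE_OTHER)):
        print(t, inspect(pkt, finals, float(t)) or "ok")
```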