Is the Illumos IP stack known to suffer from IP and/or TCP segment
reassembly DOS problems as FreeBSD and Linux have recently been found
to have?
The situation must be pretty bad, with this advisement coming out
about FreeBSD TCP reassembly:
"As a workaround, system administrators should configure their systems
to only accept TCP connections from trusted end-stations, if it is
possible to do so.".
I have seen advisements to disable IP reassembly entirely and
severely curtail TCP re-assembly.
Bob
--
Bob Friesenhahn
[email protected], http://www.simplesystems.org/users/bfriesen/
GraphicsMagick Maintainer, http://www.GraphicsMagick.org/
------------------------------------------
illumos: illumos-discuss
Permalink:
https://illumos.topicbox.com/groups/discuss/T1b175e13613c3ce2-M8ae487f26a5537f08dec94d7
Delivery options: https://illumos.topicbox.com/groups/discuss/subscription
