--On 25 February 2015 18:21 +0100 Remko Lodder <[email protected]> wrote:
This suggests that you can filter the traffic: Block incoming IGMP packets by protecting your host/networks with a firewall. (Quote from the SA).
It does, but it doesn't specifically say whether ipfw on *the host that's being protected* is sufficient
I'd imagine in some scenarios that won't work (because the host simply receiving a malformed packet would cause issues) - so was just getting it clarified that an ipfw rule on the vulnerable *host itself* blocking igmp (any to any) is sufficient in this case.
i.e. You don't need a 'external' firewall sat in front of the hosts to do that job.
-Karl _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "[email protected]"
