Wallace_n_Gromit
Senior Member
After listening to a podcast about the Ripple20 Vulnerability:
Discussion of the Ripple20 Vulnerability (re: embedded Treck TCP/IP stack in multi-millions of IoT devices) begins at 1:44:05 and the proposed mitigation for most of the issues begins at 2:02:47.
The Host referred to "UDP fragmentation attacks" as a way that several of the vulnerabilities would be exploited. He suggested that a method of mitigation would be for a router to have a specific purpose filter to "...drop any UDP packet with the frag bit set in its header" Is this something that a Asuswrt-merlin firmware/script can currently do? And if so how would it be enabled?
Discussion of the Ripple20 Vulnerability (re: embedded Treck TCP/IP stack in multi-millions of IoT devices) begins at 1:44:05 and the proposed mitigation for most of the issues begins at 2:02:47.
The Host referred to "UDP fragmentation attacks" as a way that several of the vulnerabilities would be exploited. He suggested that a method of mitigation would be for a router to have a specific purpose filter to "...drop any UDP packet with the frag bit set in its header" Is this something that a Asuswrt-merlin firmware/script can currently do? And if so how would it be enabled?