--- ip_input.c.orig	Sun Feb 20 11:31:44 2000
+++ ip_input.c	Sun Feb 20 11:37:31 2000
@@ -348,6 +348,16 @@
 	NTOHS(ip->ip_off);
 
 	/*
+	 * Drop excessively large ICMP packets (> 8184 bytes)
+	 * - oogali@intranova.net
+	 */
+
+	if ((ip->ip_len > 8184) && (ip->ip_p == IPPROTO_ICMP)) {
+		ipstat.ips_toolong++;
+		goto bad;
+	}
+
+	/*
 	 * Check that the amount of data in the buffers
 	 * is as at least much as the IP header would have us expect.
 	 * Trim mbufs if longer than we expect.