Bugtraq mailing list archives

Re: your mail

From: alan () LXORGUK UKUU ORG UK (Alan Cox)
Date: Tue, 22 Dec 1998 13:16:47 +0000

It should be pointed out here that ICMP redirects are not the only
kinds of attacks which can be carried out against these devices.

Our wonderful denial of service friends land, nestea, nestea2, et al,
can wreak havoc on these devices as well.

Your best bet as a user of these devices is to impose very restrictive
filters, or insure that these systems are not vulnerable to all
of the attacks against IP stacks that have been discovered.


A very large number of these embedded devices run the same two or three
tcp stacks. Several of them hang when fed a zero length IP option (old
KA9Q based). The other thing is nestea/nestea2 can be a pain. The tools
may deliver them UDP but they can equally be delivered tcp at port 80,
or the lpd port or other similar. This makes it quite hard to firewall

Finally some impromptu testing with third parties indicates that the
'all embedded boxes have crashable tcp' theory extends to most of the
beta/just being rolled out set top box internet devices from cable
companies.

Alan

Current thread:

ip header id patched., (continued)
- - ip header id patched. awgn () COSMOS IT (Dec 19)
  - ValueClick Ellen (Dec 19)
- Re: OSS nice tmp race Pavel Kankovsky (Dec 18)
  - Re: OSS nice tmp race Dr. Mudge (Dec 18)
- Re: OSS nice tmp race Joel Eriksson (Dec 18)
- OSS nice tmp race the razor of love (Dec 18)
- Re: OSS nice tmp race Crispin Cowan (Dec 20)
- Re: OSS nice tmp race X-Force (Dec 21)
  - AOL client uses IP tunneling Aviram Jenik (Dec 21)
  - Re: your mail Craig A. Huegen (Dec 21)
    - Re: your mail Alan Cox (Dec 22)