Bugtraq mailing list archives
DoS: ANS Interlock Firewall
From: lurker () CC GATECH EDU (Chris A. Henesy)
Date: Thu, 9 Jul 1998 15:51:14 -0400
This may be repeated information but a quick search of the archives didn't turn anything up, so here goes... There is a problem in the TCP/IP stack of ANS's Interlock Internet Firewall product. Sending the correct series of packet fragments will cause the machine to reboot. Below is part of a problem description provided by ANS. A patch is available.
The 1st fragment contains all (or most) of the packet's payload and it incorrectly indicates that no other fragments are coming (the IP more fragment field is not set). The next fragment is sent with a zero length and uses the same packet identifier (indicating it's another part of the earlier packet). This packet also does not indicate that more fragments are coming. The result is a zero length fragment arrives at the InterLock and gets processed by the Solaris fragment handling code. Unfortunately, the Solaris fragment timeout handling code (which gets involved 60 seconds later) doesn't properly handle the zero length fragment and it panics the box during cleanup.
-The Lurker
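
A sensor-side check for the fragment pattern in the ANS description, as an added example that is not part of the original post or of ANS's patch. The packet builder, addresses and IDs are constructed sample data, the second fragment's offset is not given in the post and is assumed to be 0, and per-ID state is never expired here (a real sensor would age it out).

```python
import struct
from collections import namedtuple

Frag = namedtuple("Frag", "key offset more_frags payload_len")
REUSED_ID = "zero-length fragment reusing the ID of a packet already marked final"
EMPTY_FRAG = "zero-length fragment"

def parse_ipv4(pkt):
    """Extract the fragmentation-related fields from a raw IPv4 packet."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (pkt[0] & 0x0F) * 4
    total_len, ident, flags_off = struct.unpack("!HHH", pkt[2:8])
    if ihl < 20 or total_len < ihl or len(pkt) < ihl:
        raise ValueError("inconsistent header lengths")
    key = (pkt[12:16], pkt[16:20], pkt[9], ident)   # src, dst, protocol, IP ID
    more = bool(flags_off & 0x2000)                 # More Fragments (MF) bit
    return Frag(key, (flags_off & 0x1FFF) * 8, more, total_len - ihl)

def suspicious(packets):
    """Return [(index, reason)] for packets matching the reported pattern."""
    final_seen = set()   # reassembly keys for which an MF=0 packet was seen
    alerts = []
    for i, raw in enumerate(packets):
        f = parse_ipv4(raw)
        if f.payload_len == 0 and f.key in final_seen:
            alerts.append((i, REUSED_ID))
        elif f.payload_len == 0 and (f.more_frags or f.offset):
            alerts.append((i, EMPTY_FRAG))
        if not f.more_frags:
            final_seen.add(f.key)
    return alerts

def build_packet(ident, flags_off, payload):
    """Constructed sample input: minimal UDP-protocol IPv4 header, checksum 0."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), ident,
                      flags_off, 64, 17, 0,
                      bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    return hdr + payload

# Constructed capture: payload with MF clear, empty packet with the same ID
# (offset assumed 0), then unrelated ordinary traffic.
SAMPLE = [
    build_packet(0x1234, 0x0000, b"A" * 32),
    build_packet(0x1234, 0x0000, b""),
    build_packet(0x9999, 0x0000, b"B" * 8),
]

if __name__ == "__main__":
    for index, reason in suspicious(SAMPLE):
        print(index, reason)
```
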