Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re: More oshare testing.

From: lincoln () HOTLINK COM BR (Cristiano Lincoln Mattos)
Date: Fri, 5 Feb 1999 12:45:08 -0200

        The router's that would drop the packet based on the 1.1.1.1 src
address are the one's that have anti-ip-spoofing ACL's installed, which
(unfornately) not all have.  Since the oshare packet's have invalid
checksums for the IP header, that is a more concrete reason of why routers
drop them (in all my tests), obeying to the Router requirements
RFC.  Router's tested: Cisco, Ascend, and Linux 2.0.36 with ip-forwarding.

Cristiano Lincoln Mattos                           Recife / Brazil

On Wed, 3 Feb 1999, Jeff Roberson wrote:


The ethernet adapter is on a completely different layer from IP, so I
doubt the netcard has much to do with the attack.  Also, I notice in the
original email, the author claims that the attack wont work if your not
on the same segment.  This is simply because the packet's source address is
1.1.1.1, so most routers will drop this packet.  Finally, could
people be more specific when they post about crashes?  By this I mean,
what patches they have installed, what network protocols/services/and
adapters they have?  This information might be usefull in understanding
who this bug really affects.

Jeff
Previous By Date Next
Previous By Thread Next

Current thread: