Bugtraq mailing list archives
TCP/IP implementations do not adequately validate ICMP error messages
From: Alok Menghrajani - Ilion Security SA <alok () ilionsecurity ch>
Date: Tue, 10 May 2005 16:51:25 +0200
Hi,I was playing around with the ICMP error messages DOS attack (I found an exploit on securityfocus.org bid 13214), and I noticed the following work around:
when I add the following rule to iptables, the linux server (Kernel 2.4.29-grsec) is no longer vulnerable to the DOS:
iptables -I INPUT 1 -p icmp -j DROPI am interested in knowing if this work around makes any sense. Please keep me informed about this vulnerability.
Thank you, Alok. -- ILION Security S.A. Network Audit by Ethical Hacking M. Alok Menghrajani alok () ilionsecurity ch http://www.ilionsecurity.ch 36, av. Cardinal-Mermillod CH-1227 Carouge/GE Tél.: +41 22 343 99 33 Mob.: +41 78 740 88 97 Fax: +41 22 343 99 34
Current thread:
- TCP/IP implementations do not adequately validate ICMP error messages Alok Menghrajani - Ilion Security SA (May 10)
- Re: TCP/IP implementations do not adequately validate ICMP error messages Peter Keel (May 11)
- Re: TCP/IP implementations do not adequately validate ICMP error messages Maciej Soltysiak (May 11)
- Re: SPAM-HIGH: TCP/IP implementations do not adequately validate ICMP error messages David Nichols (May 11)
- RE: TCP/IP implementations do not adequately validate ICMP error messages David Schwartz (May 11)