Firewall Wizards mailing list archives

Re: CERT vulnerability note VU# 539363 (fwd)


From: Mike Frantzen <frantzen () w4g org>
Date: Tue, 22 Oct 2002 12:25:01 -0400

Mike's "reference" here is the hash table IPFilter uses (maybe others).
FWIW, it gets distributed with a predefined size and most likely most
people never change this.  That said, nobody has ever come to me and
said "here's a patch to fix it" or "my firewall is running like a dog
because of this attack".  Be that as it may, code has been in place for
some time to address this issue, in future, using a secret.

Most firewalls I've seen used a hash table that could be attacked.
Linux's Netfilter (2.4 and 2.5) too.  It chooses its size based on the
memory size in the machine though.
Hell.  I wrote one a few summers back over the course of a few weekends
which had a very easily attacked state table too.


I'm looking forward to how you incorporate a secret into the hash.
There isn't enough good cryptographer blood in me to trust myself to
write a safe hash function.

.mike
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
