Full Disclosure mailing list archives
Re: A new TCP/IP blind data injection technique?
From: Valdis.Kletnieks () vt edu
Date: Sat, 13 Dec 2003 15:04:10 -0500
On Sat, 13 Dec 2003 03:35:25 MST, Michael Gale <michael () bluesuperman com> said:
For example the BorderWare Firewall will not accept fragmented packets, they are working on a firewall function that when fragmented packets arrive. It will save the first piece plus all frags until the final one is received. But the packet back together and do a sanity check of some sort. Then pass or drop the packet.
So the problem is that the host may re-assemble a fragmented packet with injected data in it. And we protect against it by.... you got it.. having the firewall re-assemble the fragmented packet with injected data and then handing the re-assembled full packet (with injected data) to the host. Whoops.
Attachment:
_bin
Description:
Current thread:
- Re: A new TCP/IP blind data injection technique?, (continued)
- Re: A new TCP/IP blind data injection technique? Michal Zalewski (Dec 11)
- Re: A new TCP/IP blind data injection technique? Barney Wolff (Dec 12)
- Re: A new TCP/IP blind data injection technique? Michal Zalewski (Dec 12)
- Re: A new TCP/IP blind data injection technique? Stephen Frost (Dec 12)
- Re: A new TCP/IP blind data injection technique? Jeff Kell (Dec 12)
- Re: A new TCP/IP blind data injection technique? Mikael Abrahamsson (Dec 11)
- Re: A new TCP/IP blind data injection technique? Michal Zalewski (Dec 13)
- Re: A new TCP/IP blind data injection technique? Valdis . Kletnieks (Dec 13)
- Re: A new TCP/IP blind data injection technique? Michael Gale (Dec 13)
- Re: A new TCP/IP blind data injection technique? Michal Zalewski (Dec 14)
- Re: A new TCP/IP blind data injection technique? Michael Gale (Dec 15)
- Re: A new TCP/IP blind data injection technique? Michal Zalewski (Dec 15)
- Re: A new TCP/IP blind data injection technique? Michael Gale (Dec 15)
- Breaking the checksum (a new TCP/IP blind data injection technique) Michal Zalewski (Dec 14)