nanog mailing list archives
Re: RFC3514
From: Owen DeLong <owen () delong com>
Date: Tue, 01 Apr 2003 09:22:22 -0800
Hmmm.... Must be 4/1 again.

Owen

--On Tuesday, April 1, 2003 9:33 AM -0600 Jack Bates <jbates () brightok net> wrote:

> Scott Francis wrote:
>> Comments? (Nice to see Mr. Bellovin keeping up the holiday tradition ... :))
>
> Yep.
>
> "Fragments that by themselves are dangerous MUST have the evil bit set. If a packet with the evil bit set is fragmented by an intermediate router and the fragments themselves are not dangerous, the evil bit MUST be cleared in the fragments, and MUST be turned back on in the reassembled packet."
>
> There are no guidelines for specifying how the router will determine if the fragments themselves are dangerous. An attacker may carefully design the evil packet with the expectation of fragmentation, allowing the fragments themselves to be the tool of the attack. It is therefore recommended that all fragments of a packet with the evil bit set should also have the evil bit set when fragmentation is performed by an intermediate router incapable of determining the dangerous nature of the packets. :)
>
> -Jack
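The section 3 rule quoted above and Jack's proposed variant, worked through as an added example (this is not code from the thread, from RFC 3514 or from any router). RFC 3514 places the evil bit in the high-order bit of the IPv4 flags/fragment-offset word, so the example builds real IPv4 headers, fragments them and reassembles them, applying the RFC rule when a per-fragment classifier is available and Jack's recommendation (every fragment inherits the bit) when the router cannot judge fragments. The dangerous() classifier, the TEST-NET addresses and the two payloads are constructed for illustration only.

```python
"""RFC 3514 evil bit across IPv4 fragmentation (added example, not from the thread).
The 'dangerous' classifier is a constructed stand-in: payload contains b"EVIL"."""
import struct

EVIL = 0x8000       # RFC 3514 evil bit: high-order bit of the flags/fragment-offset word
DF = 0x4000
MF = 0x2000
OFF_MASK = 0x1FFF   # fragment offset, in 8-byte units
HDR_LEN = 20
HDR_FMT = "!BBHHHBBH4s4s"

def checksum(data):
    """Ones-complement Internet checksum; returns 0 over a header whose checksum is valid."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build(src, dst, payload, ident, flags_frag, proto=17, ttl=64):
    """Minimal IPv4 datagram (no options) with a valid header checksum."""
    hdr = struct.pack(HDR_FMT, 0x45, 0, HDR_LEN + len(payload), ident,
                      flags_frag, ttl, proto, 0, src, dst)
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:] + payload

def parse(pkt):
    """Parse a datagram from build(); verifies the header checksum."""
    f = struct.unpack(HDR_FMT, pkt[:HDR_LEN])
    if f[0] != 0x45 or checksum(pkt[:HDR_LEN]) != 0:
        raise ValueError("bad IPv4 header")
    return {"ident": f[3], "flags_frag": f[4], "ttl": f[5], "proto": f[6],
            "src": f[8], "dst": f[9], "payload": pkt[HDR_LEN:f[2]]}

def dangerous(payload):
    """Constructed stand-in for the router's 'is this dangerous?' judgement."""
    return b"EVIL" in payload

def fragment(pkt, mtu, classifier=None):
    """Split pkt to fit mtu. classifier=None models a router that cannot judge fragments."""
    p = parse(pkt)
    ff = p["flags_frag"]
    if ff & DF:
        raise ValueError("DF set; cannot fragment")
    chunk = (mtu - HDR_LEN) & ~7          # data bytes per fragment, multiple of 8
    if chunk <= 0:
        raise ValueError("MTU too small")
    was_evil, base_off, more_after_last = bool(ff & EVIL), ff & OFF_MASK, bool(ff & MF)
    payload, out = p["payload"], []
    for i in range(0, len(payload), chunk):
        piece = payload[i:i + chunk]
        flags = base_off + i // 8
        if i + chunk < len(payload) or more_after_last:
            flags |= MF
        # RFC 3514 s.3: clear the bit on harmless fragments when the router can tell;
        # Bates' recommendation: keep it on every fragment when it cannot.
        if was_evil and (classifier is None or classifier(piece)):
            flags |= EVIL
        out.append(build(p["src"], p["dst"], piece, p["ident"], flags, p["proto"], p["ttl"]))
    return out

def evil_bits(pkts):
    """Evil-bit value of each datagram in pkts."""
    return [bool(parse(x)["flags_frag"] & EVIL) for x in pkts]

def reassemble(frags, classifier=None):
    """Reassemble a complete fragment set. The evil bit is turned back on if any
    fragment carried it or if the reassembling host judges the whole payload dangerous."""
    ps = sorted((parse(f) for f in frags), key=lambda p: p["flags_frag"] & OFF_MASK)
    expect = 0
    for p in ps:
        if (p["flags_frag"] & OFF_MASK) * 8 != expect:
            raise ValueError("fragment gap or overlap")
        expect += len(p["payload"])
    if ps[-1]["flags_frag"] & MF:
        raise ValueError("incomplete: last fragment has MF set")
    payload = b"".join(p["payload"] for p in ps)
    evil = any(p["flags_frag"] & EVIL for p in ps) or bool(classifier and classifier(payload))
    h = ps[0]
    return build(h["src"], h["dst"], payload, h["ident"], EVIL if evil else 0, h["proto"], h["ttl"])

SRC, DST = bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2])   # constructed addresses (TEST-NET-1)
# Constructed payloads. In SPLIT_PAYLOAD the marker straddles a 16-byte fragment
# boundary, so no single fragment looks dangerous although the whole datagram does.
SPLIT_PAYLOAD = b"A" * 14 + b"EVIL" + b"B" * 46
CONTAINED_PAYLOAD = b"A" * 20 + b"EVIL" + b"B" * 40

def demo(payload, mtu=36):
    """Return (rfc_rule_bits, bates_rule_bits, reassembled_evil, payload_intact)."""
    original = build(SRC, DST, payload, 0x3514, EVIL if dangerous(payload) else 0)
    rfc = fragment(original, mtu, classifier=dangerous)
    bates = fragment(original, mtu, classifier=None)
    back = parse(reassemble(rfc, classifier=dangerous))
    return evil_bits(rfc), evil_bits(bates), bool(back["flags_frag"] & EVIL), back["payload"] == payload

if __name__ == "__main__":
    print("split    :", demo(SPLIT_PAYLOAD))
    print("contained:", demo(CONTAINED_PAYLOAD))
```

With an MTU of 36 each fragment carries 16 data bytes. SPLIT_PAYLOAD reproduces Jack's concern: under the RFC rule all four fragments leave the router with the bit clear because no single fragment trips the classifier, while under his recommendation all four carry it; only the reassembling host, running the classifier over the whole datagram, turns the bit back on. CONTAINED_PAYLOAD is the benign case the RFC had in mind, where exactly the one dangerous fragment keeps the bit.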
Current thread:
- RFC3514 Scott Francis (Mar 31)
- Re: RFC3514 Jack Bates (Apr 01)
- Re: RFC3514 Owen DeLong (Apr 01)
- Re: RFC3514 Jack Bates (Apr 01)
- Re: RFC3514 Owen DeLong (Apr 01)
- Re: RFC3514 bmanning (Apr 01)
- Re: RFC3514 Jack Bates (Apr 01)
- Re: RFC3514 E.B. Dreger (Apr 01)
- Re: RFC3514 Owen DeLong (Apr 01)
- Re: RFC3514 Andrew Brown (Apr 01)
- Re: RFC3514 Jack Bates (Apr 01)
- RE: RFC3514 todd glassey (Apr 01)
- <Possible follow-ups>
- RE: RFC3514 Tomas Daniska (Apr 01)
- Re: RFC3514 Petri Helenius (Apr 01)