Vulnerability Development mailing list archives
Re: Packet Fragmentation Attacks
From: Mikael Olsson <mikael.olsson () ENTERNET SE>
Date: Fri, 25 Aug 2000 10:46:59 +0200
Max wrote:
[fragment flooding] I recieve the following kernel message: "Aug 24 10:10:43 orion /bsd: ne3: warning - reciever ring buffer overrun".
This is a problem on the ethernet/driver level. If the receiver ring buffer is full, the NIC is receiving packets from faster than the CPU is despooling them; the result is plain and simple packet loss. There could be two causes for this: 1) Your CPU is plain too slow; get a faster one, otherwise you'll always experience packet loss if someone is talking to you too fast (fragments or no fragments). 2) The defragmentation routine is taking too much time; the result would be that the CPU is too busy to despool packets in a timely fashion. Maybe the reassembly could be optimized a little bit, but in any case, I don't think it'd help much. In either case, I wouldn't view this as a big problem. Packet loss is part of normal network operation :) -- Mikael Olsson, EnterNet Sweden AB, Box 393, S-891 28 ÖRNSKÖLDSVIK Phone: +46 (0)660 29 92 00 Direct: +46 (0)660 29 92 05 Mobile: +46 (0)70 66 77 636 Fax: +46 (0)660 122 50 WWW: http://www.enternet.se/ E-mail: mikael.olsson () enternet se
Current thread:
- Packet Fragmentation Attacks Max (Aug 24)
- Re: Packet Fragmentation Attacks Mikael Olsson (Aug 25)
- Remote exploitation of network scanners? Lincoln Yeoh (Aug 25)
- Re: Remote exploitation of network scanners? Paul Cardon (Aug 25)
- Re: Remote exploitation of network scanners? Marc Maiffret (Aug 25)
- Re: Remote exploitation of network scanners? Ricardo Anguiano (Aug 25)
- Re: Remote exploitation of network scanners? Bluefish (P.Magnusson) (Aug 26)
- Re: Remote exploitation of network scanners? Lincoln Yeoh (Aug 26)
- Re: Remote exploitation of network scanners? Ricardo Anguiano (Aug 26)
- Re: Remote exploitation of network scanners? Ryan Sweat (Aug 26)
- Re: Remote exploitation of network scanners? Adam Prato (Aug 25)
- Re: Remote exploitation of network scanners? Fyodor (Aug 26)