Vulnerability Development mailing list archives
Re: Windows IP Fragment Reassembly Vulnerability
From: mikael.olsson () ENTERNET SE (Mikael Olsson)
Date: Sun, 21 May 2000 19:49:07 +0200
Masial wrote:
Does anyone have info about this particular issue? I would be interested in seeing what are those 'malformed' packets look like, and as usual, microsoft dosent give any technical details about the vunlerability. Trust us blindly!
I saw something on this just a while ago, but since I'm catching up with two weeks of not reading my mailing lists (10+ of them) I cannot remember for the life of me where I saw it, could be bugtraq, firewalls () lists gnac net or firewall-wizards () nfr net Anyhow, from what I could gain, it was simply done by sending LOTS of fragments (a couple of hundred) with the same fragment offset. Any SPF worth its name ought to be able to protect you from it. OTOH, any NT based proxy without its own fragment handler would choke on them and DoS your entire connection. :-P /Mike -- Mikael Olsson, EnterNet Sweden AB, Box 393, SE-891 28 ÖRNSKÖLDSVIK Phone: +46-(0)660-105 50 Fax: +46-(0)660-122 50 Mobile: +46-(0)70-66 77 636 WWW: http://www.enternet.se E-mail: mikael.olsson () enternet se
Current thread:
- Re: Netscape forms using standard windows controls, (continued)
- Re: Netscape forms using standard windows controls Chon-Chon Tang (May 22)
- Re: Why not a changeling? Bluefish (May 21)
- TopLayer layer 7 switch Advisory User nawk (May 20)
- Re: chsh Segfault on FreeBSD 3.3 Pavol Luptak (May 20)
- Re: possible new "e-mail virus" concept ? + bypassing IE settings Taneli Huuskonen (May 19)
- CAU Technologies, Inc. Security Advisory 2000.05.19.001 : Default Syslog Installations Security Advisory (May 19)
- UPDATE on possible new "e-mail virus" concept ? Zoa_Chien (May 19)
- Re: UPDATE on possible new "e-mail virus" concept ? Jim Paris (May 19)
- Re: UPDATE on possible new "e-mail virus" concept ? Jon Williams (May 20)
- Windows IP Fragment Reassembly Vulnerability Masial (May 20)
- Re: Windows IP Fragment Reassembly Vulnerability Mikael Olsson (May 21)
- Re: Outlook HTML VBS (demo) Michael Hendy (May 21)
- Re: Outlook HTML VBS (demo) Masial (May 22)
- Re: Windows IP Fragment Reassembly Vulnerability Blue Boar (May 21)
- Re: UPDATE on possible new "e-mail virus" concept ? Jim Paris (May 19)
- krb5 1.1.1 Mariusz Woloszyn (May 22)
- Re: Windows IP Fragment Reassembly Vulnerability Pete Philips (May 23)
- Re: UPDATE on possible new "e-mail virus" concept ? Bluefish (May 20)
- Re: possible new "e-mail virus" concept ? + bypassing IE settings Silvio L. Nisgoski (May 19)
- Anyone have a copy of the New LoveYou code! Rich Dube (May 19)