Bugtraq mailing list archives
Re: DO NOT USE THAT PATCH (Re: IP firewalling bugs)
From: mouse () Collatz McRCIM McGill EDU (der Mouse)
Date: Wed, 23 Aug 1995 15:59:42 -0400
Send an IP fragment 0 acceptable to the firewall
Send an IP fragment at offset 8 to rewrite most of the header and all the data
that isn't the main bug. sigh
Seems to me that there's no reason to use the "new" data rather than the "old" data when a new fragment arrives that overlaps already-collected data. They're supposed to be the same; any difference indicates that at least one of them is definitely corrupted in a way that beat the checksum, or else you're under attack. In either case, dropping both the incoming packet and the collected fragments is probably the best response, seems to me. If you don't want to compare the bytes, then just make sure old data takes precedence over new. (But comparing the bytes when there's overlap is probably cheap enough to do; the only way it will happen in normal use is when a fragmented datagram is retransmitted.)

der Mouse
mouse () collatz mcrcim mcgill edu
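The overlap policy proposed in the message above, sketched as an added example that is not part of the original post or of any real IP stack. The names `reasm_add`, `reasm_reset`, `demo` and `demo_state`, the byte-granular offsets and the 2048-byte buffer are assumptions made for illustration.

```c
#include <stdint.h>
#include <string.h>

#define MAX_DGRAM 2048 /* small buffer for the example; IP allows up to 65535 */

enum frag_result { FRAG_OK, FRAG_DROP_ALL, FRAG_TOO_BIG };

struct reasm {
    uint8_t data[MAX_DGRAM];
    uint8_t have[MAX_DGRAM]; /* 1 = byte already collected */
};

struct reasm demo_state; /* hypothetical single reassembly queue */

void reasm_reset(struct reasm *r) { memset(r, 0, sizeof *r); }

/* Add a fragment payload at byte offset off. compare != 0 selects the
 * strict policy; compare == 0 only makes old data win. */
enum frag_result reasm_add(struct reasm *r, size_t off, const uint8_t *p,
                           size_t len, int compare)
{
    if (off > MAX_DGRAM || len > MAX_DGRAM - off)
        return FRAG_TOO_BIG;
    /* Pass 1: an overlapped byte that differs means corruption or attack,
     * so drop the new fragment and everything collected so far. */
    for (size_t i = 0; compare && i < len; i++) {
        if (r->have[off + i] && r->data[off + i] != p[i]) {
            reasm_reset(r);
            return FRAG_DROP_ALL;
        }
    }
    /* Pass 2: fill holes only, so already-collected bytes are never rewritten. */
    for (size_t i = 0; i < len; i++) {
        if (!r->have[off + i]) {
            r->data[off + i] = p[i];
            r->have[off + i] = 1;
        }
    }
    return FRAG_OK;
}

/* Constructed input: 16 bytes of 'A' at offset 0, then 16 bytes of 'B' at
 * offset 8, which overlaps bytes 8..15 with different contents. */
enum frag_result demo(int compare)
{
    uint8_t first[16], second[16];
    memset(first, 'A', sizeof first);
    memset(second, 'B', sizeof second);
    reasm_reset(&demo_state);
    reasm_add(&demo_state, 0, first, sizeof first, compare);
    return reasm_add(&demo_state, 8, second, sizeof second, compare);
}
```

With `compare` set, the conflicting second fragment discards the whole queue; without it, bytes 8..15 keep the contents of the first fragment and only the new tail is appended.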