Bugtraq mailing list archives

Re: DO NOT USE THAT PATCH (Re: IP firewalling bugs)

From: mouse () Collatz McRCIM McGill EDU (der Mouse)
Date: Wed, 23 Aug 1995 15:59:42 -0400

        Send an IP fragment 0 acceptable to the firewall
        Send an IP fragment at offset 8 to rewrite most of the header
                and all the data

that isn't the main bug.  sigh


Seems to me that there's no reason to use the "new" data rather than
the "old" data when a new fragment arrives that overlaps
already-collected data.  They're supposed to be the same; any
difference indicates that at least one of them is definitely corrupted
in a way that beat the checksum, or else you're under attack.  In
either case, dropping both the incoming packet and the collected
fragments is probably the best response, seems to me.  If you don't
want to compare the bytes, then just make sure old data takes
precedence over new.  (But comparing the bytes when there's overlap is
probably cheap enough to do; the only way it will happen in normal use
is when a fragmented datagram is retransmitted.)

                                        der Mouse

                            mouse () collatz mcrcim mcgill edu

Current thread:

Re: DO NOT USE THAT PATCH (Re: IP firewalling bugs) der Mouse (Aug 23)
- Re: DO NOT USE THAT PATCH (Re: IP firewalling bugs) Tom Fitzgerald (Aug 23)
- -rw-rw-rw- 1 root 8025 Aug 24 04:10 Dr. Frederick B. Cohen (Aug 24)
  - Security Mailing Lists Christopher Klaus (Dec 09)
  - Re: -rw-rw-rw- 1 root 8025 Aug 24 04:10 /tmp/.lsof_dev_cache Vic Abell (Aug 24)
  - .lsof_dev_cache Dave Sill (Aug 25)
  - Re: -rw-rw-rw- 1 root 8025 Aug 24 04:10 Darren Reed (Aug 25)
    - Re: -rw-rw-rw- 1 root 8025 Aug 24 04:10 Dave Roberts (Aug 29)
    - Re: -rw-rw-rw- 1 root 8025 Aug 24 04:10 Vic Abell (Aug 30)
  - Re: -rw-rw-rw- 1 root 8025 Aug 24 04:10 /tmp/.lsof_dev_cache Scott Barman (Aug 25)
    - Re: -rw-rw-rw- 1 root 8025 Aug 24 04:10 /tmp/.lsof_dev_cache Vic Abell (Aug 28)

(Thread continues...)