Bugtraq mailing list archives
Re: Cisco problems
From: mcn () EnGarde com (Mike Neuman)
Date: Wed, 7 Jun 1995 10:50:10 -0500
In a message to bugtraq, Paul Ferguson (paul () hawksbill sprintmrn com) wrote:
> The discussion did occur on firewalls. In fact, there was a rather lengthy discussion on IP fragmentation as an attack method.
In a following exchange of email, we've discovered the messages from this "lengthy discussion" are not a part of the firewalls archive. Apparently Brent decided they were off topic and removed them... So, my original question stands: Any information on this?

My *guess* is:

1. The filter looks for a TCP packet with a SYN but no ACK (rejecting incoming connections, but allowing incoming replies to outgoing connections).
2. Fragment an IP packet so the TCP header (especially the flags) is moved to another fragment.
3. The router allows the packet to pass (maybe even the next one containing the flags as well?).

Is this right? Or is there more to it than this? Do Ciscos reassemble the packets to match the internal MTU?

-Mike
mcn () EnGarde com
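The evasion Mike is guessing at, worked through in code. This is an added example, not code from the original thread or from Cisco: it builds a TCP SYN in Python, splits it into IP fragments so that the flags byte (TCP header byte 13) lands in the second fragment, and runs the fragments through two hypothetical filters. `naive_filter` is the filter as Mike describes it (deny inbound SYN-without-ACK, inspecting only the first fragment); `rfc1858_filter` adds the two checks RFC 1858 recommends for exactly this problem: drop a TCP first fragment shorter than a minimum transport length (so the flags must be present) and drop a TCP fragment with offset 1 (which could overwrite the flags of a legitimate first fragment on reassembly). Addresses, ports and the 16-byte minimum are assumptions chosen for the demonstration; the packets are constructed in memory and nothing is sent on the wire.

```python
import struct

# Constructed constants for the demo (no packets leave this process).
TCP_SYN = 0x02
TCP_ACK = 0x10
IP_MF = 0x2000          # "More Fragments" bit in the IP flags/offset field
IP_PROTO_TCP = 6


def ip_checksum(data: bytes) -> int:
    """Standard one's-complement IP header checksum."""
    if len(data) % 2:
        data += b"\x00"
    s = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return (~s) & 0xFFFF


def build_tcp_header(sport, dport, seq, ack, flags, window=8192):
    """20-byte TCP header; TCP checksum left zero (the filters never verify it)."""
    return struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flags, window, 0, 0)


def build_ip_fragments(src, dst, payload, frag_payload_len, ident=0x1234):
    """Split a transport payload across IP fragments of frag_payload_len bytes each
    (must be a multiple of 8, since the offset field counts 8-byte units)."""
    assert frag_payload_len % 8 == 0
    frags = []
    for off in range(0, len(payload), frag_payload_len):
        chunk = payload[off:off + frag_payload_len]
        more = off + frag_payload_len < len(payload)
        flags_off = (IP_MF if more else 0) | (off // 8)
        hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(chunk), ident,
                          flags_off, 64, IP_PROTO_TCP, 0, src, dst)
        hdr = hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:]
        frags.append(hdr + chunk)
    return frags


def parse_ip(pkt):
    """Return the fields a fragment filter needs from a raw IPv4 packet."""
    ihl = (pkt[0] & 0x0F) * 4
    total_len, _ident, flags_off = struct.unpack("!HHH", pkt[2:8])
    return {
        "proto": pkt[9],
        "offset": flags_off & 0x1FFF,      # fragment offset in 8-byte units
        "mf": bool(flags_off & IP_MF),
        "transport": pkt[ihl:total_len],   # bytes after the IP header
    }


def naive_filter(pkt):
    """Hypothetical filter as guessed in the message: deny inbound SYN without ACK,
    but only the first fragment carries a TCP header, and only if it is long enough."""
    ip = parse_ip(pkt)
    if ip["proto"] != IP_PROTO_TCP or ip["offset"] != 0:
        return "allow"                      # non-first fragment: nothing to inspect
    t = ip["transport"]
    if len(t) < 14:
        return "allow"                      # flags byte absent: naive code just passes it
    flags = t[13]
    if flags & TCP_SYN and not flags & TCP_ACK:
        return "deny"
    return "allow"


def rfc1858_filter(pkt, tmin=16):
    """Same policy plus the RFC 1858 tiny-fragment and overlap-fragment checks."""
    ip = parse_ip(pkt)
    if ip["proto"] == IP_PROTO_TCP:
        if ip["offset"] == 0 and len(ip["transport"]) < tmin:
            return "deny"                   # first fragment too short to hold the flags
        if ip["offset"] == 1:
            return "deny"                   # would overlap bytes 8..15 of the TCP header
    return naive_filter(pkt)


def demo():
    """Run an inbound SYN through both filters, unfragmented and as 8-byte fragments."""
    src, dst = bytes([10, 0, 0, 1]), bytes([192, 0, 2, 10])   # constructed addresses
    syn = build_tcp_header(40000, 23, 1, 0, TCP_SYN)
    unfragmented = build_ip_fragments(src, dst, syn, 24)      # 20-byte header fits in one
    tiny = build_ip_fragments(src, dst, syn, 8)               # flags end up in fragment 2
    return {
        "unfragmented_naive": [naive_filter(p) for p in unfragmented],
        "unfragmented_rfc1858": [rfc1858_filter(p) for p in unfragmented],
        "tiny_naive": [naive_filter(p) for p in tiny],
        "tiny_rfc1858": [rfc1858_filter(p) for p in tiny],
    }


if __name__ == "__main__":
    for name, verdicts in demo().items():
        print(name, verdicts)
```

With 8-byte fragments the first fragment holds only ports and sequence number, the naive filter passes all three fragments, and the end host reassembles a complete SYN; the RFC 1858 rules drop the first two fragments, so the segment can never be reassembled, and the unfragmented SYN is still denied by the original policy.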