Firewall Wizards mailing list archives

Re: Cisco PIX bug, discussions (lenghty)

From: "Ryan Russell" <Ryan.Russell () sybase com>
Date: Thu, 27 Aug 1998 17:19:32 -0700


Thanks, I hadn't read that one before.

If I'm interpreting correctly, it basically recommends that filtering
routers do some minimum frag reassembly, taking care to
handle overlapping frags carefully, so you have enough
data to see the transport headers.

Interestingly enough... it looks like the authors saw the issues
for most, if not all, the frag attacks that we're seeing used now....
in 1995.

                         Ryan






Just in case everyone has forgotten:

RFC 1859: Security Considerations for IP Fragment Filtering
ftp://ftp.isi.edu/in-notes/rfc1858.txt

Aleph One / aleph1 () dfw net
http://underground.org/
KeyID 1024/948FD6B5
Fingerprint EE C9 E8 AA CB AF 09 61  8C 39 EA 47 A8 6A B8 01

Current thread:

Re: Cisco PIX bug, discussions (lenghty), (continued)
- - Re: Cisco PIX bug, discussions (lenghty) Euan (Aug 26)
    - Re: Cisco PIX bug, discussions (lenghty) Aleph One (Aug 27)
    - Re: Cisco PIX bug, discussions (lenghty) Robert Stahlbrand (Aug 27)
    - Message not available
    - Re: Cisco PIX bug, discussions (lenghty) Eric Vyncke (Aug 28)
  - Re: Cisco PIX bug, discussions (lenghty) Joseph S. D. Yao (Aug 26)
  - Re: performance vs. security (was Cisco PIX ...) (NetQuest) Borkin, Michael (Aug 30)
- Re: Cisco PIX bug, discussions (lenghty) Travis Low (Aug 26)
  - Re: Cisco PIX bug, discussions (lenghty) Robert Stahlbrand (Aug 27)
- Re: Cisco PIX bug, discussions (lenghty) Ryan Russell (Aug 26)
- Re: Cisco PIX bug, discussions (lenghty) Ryan Russell (Aug 27)
- Re: Cisco PIX bug, discussions (lenghty) Ryan Russell (Aug 28)
  - Re: Cisco PIX bug, discussions (lenghty) Aleph One (Aug 28)