Firewall Wizards mailing list archives
Re: Cisco PIX bug, discussions (lengthy)
From: "Ryan Russell" <Ryan.Russell () sybase com>
Date: Thu, 27 Aug 1998 17:19:32 -0700
Thanks, I hadn't read that one before. If I'm interpreting correctly, it basically recommends that filtering routers do some minimum frag reassembly, taking care to handle overlapping frags carefully, so you have enough data to see the transport headers.

Interestingly enough... it looks like the authors saw the issues for most, if not all, the frag attacks that we're seeing used now.... in 1995.

Ryan

> Just in case everyone has forgotten:
>
> RFC 1859: Security Considerations for IP Fragment Filtering
> ftp://ftp.isi.edu/in-notes/rfc1858.txt
>
> Aleph One / aleph1 () dfw net
> http://underground.org/
> KeyID 1024/948FD6B5
> Fingerprint EE C9 E8 AA CB AF 09 61 8C 39 EA 47 A8 6A B8 01
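
The stateless fragment checks from the RFC linked in the message (rfc1858.txt), sketched as an added example that is not part of the original thread: drop TCP fragments with fragment offset 1, and drop TCP first fragments too short to carry the transport header. The function names, verdict strings, `TMIN` value and sample packets are constructed for illustration.

```python
import struct

TCP = 6
TMIN = 20  # assumption: require a full minimal TCP header in the first fragment

def build_ipv4(proto, frag_offset, more_frags, payload_len):
    """Constructed sample: 20-byte IPv4 header followed by a zeroed payload."""
    flags_frag = (0x2000 if more_frags else 0) | (frag_offset & 0x1FFF)
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0x1234,
                      flags_frag, 64, proto, 0,
                      bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    return hdr + bytes(payload_len)

def fragment_verdict(packet):
    """Classify one IPv4 packet the way a stateless filter would."""
    if len(packet) < 20:
        return "drop-malformed"
    ver_ihl, _, total_len, _, flags_frag, _, proto, _ = struct.unpack(
        "!BBHHHBBH", packet[:12])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or total_len < ihl or total_len > len(packet):
        return "drop-malformed"
    offset = flags_frag & 0x1FFF      # fragment offset, in 8-octet units
    transport_len = total_len - ihl   # octets of transport data in this packet
    if proto != TCP:
        return "pass-non-tcp"         # these checks only concern TCP
    if offset == 1:
        # Octets 8-15 of the TCP header would land here, so this fragment
        # could rewrite the flags already inspected in the first fragment.
        return "drop-fo1"
    if offset == 0 and transport_len < TMIN:
        # Tiny first fragment: the flags are not visible to the filter.
        return "drop-tiny"
    if offset == 0:
        return "inspect"              # headers present: apply normal rules
    # Later fragments carry no header fields; without an accepted first
    # fragment the destination cannot reassemble the datagram.
    return "pass-fragment"

if __name__ == "__main__":
    for args in [(TCP, 0, False, 40), (TCP, 0, True, 8),
                 (TCP, 1, False, 8), (TCP, 2, False, 24)]:
        print(args, fragment_verdict(build_ipv4(*args)))
```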