Firewall Wizards mailing list archives
Re: Cisco PIX bug, discussions (lenghty)
From: Aleph One <aleph1 () dfw net>
Date: Thu, 27 Aug 1998 19:58:49 -0500 (CDT)
On Thu, 27 Aug 1998, Ryan Russell wrote:
Thanks, I hadn't read that one before. If I'm interpreting correctly, it basically recommends that filtering routers do some minimum frag reassembly, taking care to handle overlapping frags carefully, so you have enough data to see the transport headers. Interestingly enough... it looks like the authors saw the issues for most, if not all, the frag attacks that we're seeing used now.... in 1995.
The RFC was written after the Cisco vulnerability was discovered. The routers do not need to defrag packets, but that is one solution. Since the small packet fragment problem and access control lists mainly affect TCP, the other option is to drop any IP fragments that are fragmented inside the TCP header.

Aleph One / aleph1 () dfw net http://underground.org/
KeyID 1024/948FD6B5 Fingerprint EE C9 E8 AA CB AF 09 61 8C 39 EA 47 A8 6A B8 01
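The filtering rule Aleph One describes (drop IP fragments that cut inside the TCP header, so a packet filter never has to reassemble) is the approach of the 1995 RFC the thread refers to, RFC 1858, "Security Considerations for IP Fragment Filtering". The following is an added illustration written for this archive page, not code from either poster or from Cisco: it parses a raw IPv4 packet and applies two checks, a "tiny fragment" check on first fragments and an "overlapping fragment" check on fragments whose offset lands inside the TCP header. The 20-byte minimum for a first fragment, the packet builder, and all sample packets are assumptions constructed here for the example.

```python
import struct

IPPROTO_TCP = 6
IPPROTO_UDP = 17
IPV4_HDR_FMT = "!BBHHHBBH4s4s"  # version/IHL, TOS, total length, ID, flags+offset, TTL, proto, checksum, src, dst

# Minimum number of transport-layer bytes a first fragment (offset 0) must carry.
# 20 bytes is a full TCP header without options. This threshold is an assumption
# of this example, not a value stated in the list post.
MIN_FIRST_FRAGMENT_TRANSPORT_BYTES = 20

# Constructed sample TCP header: src port 1234, dst port 80, data offset 5, SYN flag.
SAMPLE_TCP_HEADER = struct.pack("!HHIIBBHHH", 1234, 80, 0, 0, 5 << 4, 0x02, 8192, 0, 0)


def _ip_to_bytes(dotted):
    return bytes(int(octet) for octet in dotted.split("."))


def build_ipv4(proto, frag_offset_units, more_fragments, payload,
               src="10.0.0.1", dst="10.0.0.2"):
    """Construct a minimal IPv4 packet (no IP options). Constructed test data only.

    frag_offset_units is the 13-bit fragment offset in 8-byte units, as on the wire.
    """
    ver_ihl = (4 << 4) | 5
    total_len = 20 + len(payload)
    flags_frag = (0x2000 if more_fragments else 0) | (frag_offset_units & 0x1FFF)
    header = struct.pack(IPV4_HDR_FMT, ver_ihl, 0, total_len, 0x1234, flags_frag,
                         64, proto, 0, _ip_to_bytes(src), _ip_to_bytes(dst))
    return header + payload


def parse_ipv4(pkt):
    """Return the header fields the fragment filter needs; reject malformed headers."""
    if len(pkt) < 20:
        raise ValueError("truncated IPv4 header")
    (ver_ihl, _tos, _total_len, _ident, flags_frag,
     _ttl, proto, _csum, _src, _dst) = struct.unpack(IPV4_HDR_FMT, pkt[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if (ver_ihl >> 4) != 4 or ihl < 20 or len(pkt) < ihl:
        raise ValueError("malformed IPv4 header")
    return {
        "proto": proto,
        "more_fragments": bool(flags_frag & 0x2000),
        "frag_offset": (flags_frag & 0x1FFF) * 8,  # byte offset into the original datagram
        "transport_bytes": len(pkt) - ihl,          # bytes of transport data in this fragment
    }


def filter_fragment(pkt):
    """Stateless per-packet verdict: ('pass' | 'drop', reason).

    Rule 1 (tiny fragment): a first fragment of a TCP datagram must carry at
    least MIN_FIRST_FRAGMENT_TRANSPORT_BYTES, so the ports and flags that an
    access list inspects are actually present in the fragment it examines.
    Rule 2 (overlapping fragment): a TCP fragment at byte offset 8 would land
    inside the TCP header (bytes 8..) and could rewrite the flags field on a
    host that honours later fragments, so it is dropped outright.
    """
    hdr = parse_ipv4(pkt)
    if hdr["proto"] != IPPROTO_TCP:
        return ("pass", "non-TCP: fragment rules not applied")
    offset = hdr["frag_offset"]
    if offset == 0 and hdr["transport_bytes"] < MIN_FIRST_FRAGMENT_TRANSPORT_BYTES:
        return ("drop", "tiny first fragment: TCP header incomplete "
                        f"({hdr['transport_bytes']} < {MIN_FIRST_FRAGMENT_TRANSPORT_BYTES} bytes)")
    if offset == 8:
        return ("drop", "fragment offset 8 overlaps the TCP header (flags field)")
    return ("pass", f"TCP fragment at offset {offset} accepted")


if __name__ == "__main__":
    samples = [
        ("whole SYN segment", build_ipv4(IPPROTO_TCP, 0, False, SAMPLE_TCP_HEADER)),
        ("8-byte first fragment", build_ipv4(IPPROTO_TCP, 0, True, SAMPLE_TCP_HEADER[:8])),
        ("fragment at offset 8", build_ipv4(IPPROTO_TCP, 1, False, b"\x00" * 12)),
        ("fragment at offset 16", build_ipv4(IPPROTO_TCP, 2, False, b"\x00" * 4)),
        ("small UDP fragment", build_ipv4(IPPROTO_UDP, 0, True, b"\x00" * 4)),
    ]
    for label, packet in samples:
        verdict, reason = filter_fragment(packet)
        print(f"{label:24s} -> {verdict:4s} ({reason})")
```

The two rules are deliberately stateless, which is the point of the approach in the post: the device never buffers or reassembles fragments, it just refuses the fragment shapes that make a per-packet access list unreliable. A real filter would also want to count drops per source so that a burst of rejected offset-8 fragments shows up in monitoring.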