Firewall Wizards mailing list archives
Re: An ethernet frame with two IP packets inside?
From: llevier <LLEVIER () compuserve com>
Date: Sat, 31 Oct 1998 04:22:42 -0500
Message text written by Robert Graham

> Since Ethernet has a minimum payload size of 46 bytes, and the minimum
> IP packet is 20 bytes (well, minimum useful packet is 28 if you do an
> empty ping). Thus, any bytes after the end of your first IP packet will
> be treated as padding by all stacks. Now, stacks might make assumptions
> about the size of padding so you might be able to crash them just by
> appending a huge number of bytes (similarly, some products crash if they
> receive Ethernet frames beyond the 1.5k max size).

So, regarding this, maybe other hacking exploits can be generated. This could help to have better TCP/IP protocol stacks. So a good test should be creating such a packet, big enough to ensure at least operating systems TCP/IP suite.

Laurent LEVIER
Networks & Systems Security Consultant
http://www.Argosnet.com
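The padding arithmetic from the quoted message, written as a receive-side check; this is an added example, not code from the thread or its authors. It assumes an untagged Ethernet II frame captured without the FCS, and the names `trailer_report` and `build_frame` and both sample frames are constructed for illustration.

```python
import struct

ETH_HEADER_LEN = 14     # dst MAC + src MAC + EtherType (untagged frame, assumed)
ETH_MIN_PAYLOAD = 46    # minimum Ethernet payload, as stated in the quoted message
ETHERTYPE_IPV4 = 0x0800

def trailer_report(frame: bytes) -> dict:
    """Compare the IPv4 total-length field with the bytes actually in the frame."""
    if len(frame) < ETH_HEADER_LEN + 20:
        raise ValueError("frame too short for Ethernet + IPv4 header")
    if struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
        raise ValueError("not an untagged IPv4 frame")
    payload = frame[ETH_HEADER_LEN:]
    version, ihl = payload[0] >> 4, (payload[0] & 0x0F) * 4
    total_len = struct.unpack("!H", payload[2:4])[0]
    if version != 4 or ihl < 20 or total_len < ihl:
        raise ValueError("malformed IPv4 header")
    if total_len > len(payload):
        raise ValueError("IPv4 total length exceeds frame payload")
    trailer = payload[total_len:]               # bytes a stack treats as padding
    expected = max(0, ETH_MIN_PAYLOAD - total_len)
    return {
        "ip_total_len": total_len,
        "trailer_len": len(trailer),
        "expected_padding": expected,
        # bytes beyond what minimum-frame-size padding can explain
        "excess": max(0, len(trailer) - expected),
        "nonzero_trailer": any(trailer),
    }

def build_frame(ip_payload: bytes, trailer: bytes) -> bytes:
    """Constructed sample: Ethernet II + 20-byte IPv4 header (checksum 0) + trailer."""
    eth = bytes(12) + struct.pack("!H", ETHERTYPE_IPV4)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(ip_payload), 0, 0,
                     64, 1, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return eth + ip + ip_payload + trailer

# Constructed samples: a 28-byte "empty ping" padded to 46 bytes, and the
# same packet followed by 100 trailing bytes that begin like an IPv4 header.
PADDED = build_frame(bytes(8), bytes(18))
OVERSIZED = build_frame(bytes(8), b"\x45" + bytes(99))

if __name__ == "__main__":
    for name, frame in (("padded", PADDED), ("oversized", OVERSIZED)):
        print(name, trailer_report(frame))
```

A sensor or test harness can log frames where `excess` is above zero or `nonzero_trailer` is true, since ordinary minimum-size padding explains neither.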