Firewall Wizards mailing list archives

Re: An ethernet frame with two IP packets inside?


From: llevier <LLEVIER () compuserve com>
Date: Sat, 31 Oct 1998 04:22:42 -0500

Message text written by Robert Graham

Since Ethernet has a minimum payload size of 46 bytes, and the minimum
IP packet is 20 bytes (well, minimum useful packet is 28 if you do an
empty ping). Thus, any bytes after the end of your first IP packet
will be treated as padding by all stacks. Now, stacks might make
assumptions about the size of padding so you might be able to crash
them just by appending a huge number of bytes (similarly, some
products crash if they receive Ethernet frames beyond the 1.5k max
size).

So, regarding this, maybe other hacking exploits can be generated. This
could help to have better TCP/IP protocol stacks.

So a good test should be creating such a packet, big enough to ensure at
least operating systems' TCP/IP suite.

Laurent LEVIER
Networks & Systems
Security Consultant
http://www.Argosnet.com
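
The length relationship discussed in this message, as an added example that is not part of the original post: a check that compares the IPv4 Total Length field with the Ethernet payload actually received and flags trailing bytes beyond what the 46-byte minimum requires. The function names, the assumption of an untagged frame captured without its FCS, and the sample frames are all constructed for illustration.

```python
import struct

ETH_HEADER_LEN = 14      # dst MAC, src MAC, EtherType (assumed: no VLAN tag, no FCS)
ETH_MIN_PAYLOAD = 46     # minimum Ethernet payload quoted in the message
ETHERTYPE_IPV4 = 0x0800


def classify_trailer(frame: bytes) -> dict:
    """Compare IPv4 Total Length with the Ethernet payload actually received."""
    if len(frame) < ETH_HEADER_LEN + 20:
        raise ValueError("frame too short for Ethernet + IPv4 headers")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != ETHERTYPE_IPV4:
        raise ValueError("not an untagged IPv4 frame")
    payload = frame[ETH_HEADER_LEN:]
    ihl = (payload[0] & 0x0F) * 4
    (total_len,) = struct.unpack("!H", payload[2:4])
    if payload[0] >> 4 != 4 or ihl < 20 or total_len < ihl:
        raise ValueError("malformed IPv4 header")
    if total_len > len(payload):
        return {"verdict": "truncated", "trailer": 0, "expected_pad": 0}
    # Bytes after the IP packet: only padding up to the minimum is expected.
    trailer = len(payload) - total_len
    expected_pad = max(0, ETH_MIN_PAYLOAD - total_len)
    verdict = "ok" if trailer <= expected_pad else "excess-trailer"
    return {"verdict": verdict, "trailer": trailer, "expected_pad": expected_pad}


def build_frame(ip_total_len: int, trailer_len: int) -> bytes:
    """Constructed sample: zeroed MACs, minimal IPv4 header, zero-filled body."""
    eth = bytes(12) + struct.pack("!H", ETHERTYPE_IPV4)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, ip_total_len, 0, 0, 64, 1, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return eth + ip + bytes(ip_total_len - 20) + bytes(trailer_len)


if __name__ == "__main__":
    # 28-byte IP packet (the "empty ping" size) with 18 bytes of padding.
    print(classify_trailer(build_frame(28, 18)))
    # Same packet followed by far more bytes than padding requires.
    print(classify_trailer(build_frame(28, 400)))
```

The sample header checksum is left at zero because the check only inspects lengths.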


