Firewall Wizards mailing list archives
Re: Firewall comparison in Data Communications
From: Kevin Steves <stevesk () sweden hp com>
Date: Sun, 6 Jun 1999 07:54:49 +0200 (CEST)
On Thu, 3 Jun 1999 dnewman () cmp com wrote: : Most SPF products (including all those in the Data Comm) has : specific anti-ping o' death routines. True, this usually isn't part : of the SPF itself. But there are safeguards in place against common : attacks like IP spoofing, SYN flooding, ping of death, and the like. : : In the case of the ping of death, I presume these routines drop ICMP : packets with a length greater than 64 kbytes. I'm curious to : hear--what variant of the ping of death would be allowed through? Remember, the underlying problem exploited by ping of death was an IP reassembly defect. And, while I haven't seen an exploit, it could be possible to exploit the problem via a udp-echo of death, of http-get of death.
Current thread:
- RE: Firewall comparison in Data Communications, (continued)
- RE: Firewall comparison in Data Communications Kevin Steves (Jun 14)
- RE: Firewall comparison in Data Communications W J La Cholter (Jun 03)
- Re: Firewall comparison in Data Communications Don Kendrick (Jun 03)
- RE: Firewall comparison in Data Communications Russ (Jun 03)
- RE: Firewall comparison in Data Communications csingletary (Jun 03)
- RE: Firewall comparison in Data Communications Rob Polansky (Jun 04)
- Re: Firewall comparison in Data Communications Steven M. Bellovin (Jun 03)
- Re: Firewall comparison in Data Communications Ge' Weijers (Jun 03)
- Re: Firewall comparison in Data Communications dnewman (Jun 03)
- Re: Firewall comparison in Data Communications Ge' Weijers (Jun 03)
- Re: Firewall comparison in Data Communications Kevin Steves (Jun 14)
- RE: Firewall comparison in Data Communications Robert Graham (Jun 03)