RE: Borderware Ping Server

["Ofir Arkin" <ofir () sys-security com>]

Gents,

This is not only the question of ping of death. There is also a very
important issue of how this ping server/proxy validates that the
requests sent and received are truly genuine ICMP echo requests and
replies. Especially data in the data portion of the ICMP echo request
and reply, message length and other gizmos. 


Ofir Arkin [ofir () sys-security com]
Founder
The Sys-Security Group
http://www.sys-security.com
PGP CC2C BE53 12C6 C9F2 87B1 B8C6 0DFA CF2D D360 43FA

-----Original Message-----
From: firewall-wizards-admin () nfr com
[mailto:firewall-wizards-admin () nfr com] On Behalf Of Marcus J. Ranum
Sent: ג 09 אוקטובר 2001 17:24
To: Don Ng; firewall-wizards () nfr com
Subject: Re: [fw-wiz] Borderware Ping Server


> Seems to be quite unique, is it a proxy server for
> ICMP echo request?

I believe that what it did was set a bpf filter for icmp packets, which
it
then proxied to the outside world and re-injected on the internal
network.
Kind of an interesting concept; I wonder if it would have adequately
protected
against a ping of death attack...

mjr.
---
Marcus J. Ranum          Chief Technology Officer, NFR Security, Inc.
Work:                           http://www.nfr.com
Personal:                      http://www.ranum.com

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards