Full Disclosure mailing list archives
RE: A new TCP/IP blind data injection technique?
From: "David Gillett" <gillettdavid () fhda edu>
Date: Thu, 11 Dec 2003 08:38:00 -0800
-----Original Message-----
From: Michal Zalewski [mailto:lcamtuf () ghettot org]
<snip>
1. Path MTU discovery (DF set) prevents fragmentation [*]; some modern systems (Linux) default to this mode - although PMTU discovery is also known to cause problems in certain setups, so it is not always the best way to stop the attack.
[*] Also note that certain types of routers or tunnels tend to ignore DF flag, possibly opening this vector again.
<snip>
Note that this has nothing to do with old firewall bypassing techniques and other tricks that used fragmentation to fool IDSes and so on - mandatory defragmentation of incoming traffic on perimeter devices will not solve the problem.
I concluded some time back -- coming at it from an entirely different angle from either of these -- that IP-layer fragmentation and reassembly was fatally flawed. All sane implementations should set DF, and all but the most secure of tunnels should honour it.
David Gillett
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
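
An added example, not part of the original message or the list archive: a small audit of IPv4 headers that reports which packets carry DF, which can still be fragmented in transit, and which are already fragments. The function names and the sample headers (built with documentation addresses) are constructed for illustration.

```python
import struct

# Bits of the 16-bit flags/fragment-offset field of the IPv4 header (RFC 791).
IP_DF = 0x4000        # Don't Fragment
IP_MF = 0x2000        # More Fragments
IP_OFFMASK = 0x1FFF   # fragment offset, in 8-byte units


def classify(header: bytes) -> str:
    """Return 'fragment', 'df-set' or 'fragmentable' for one IPv4 header."""
    if len(header) < 20 or header[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    ihl = (header[0] & 0x0F) * 4
    if ihl < 20 or len(header) < ihl:
        raise ValueError("bad or truncated header length")
    flags_off = struct.unpack("!H", header[6:8])[0]
    # MF set or a non-zero offset means this packet is part of a fragment train.
    if flags_off & IP_MF or flags_off & IP_OFFMASK:
        return "fragment"
    # DF set: routers that honour it drop the packet instead of fragmenting it.
    if flags_off & IP_DF:
        return "df-set"
    # DF clear and unfragmented: the path may still fragment this packet.
    return "fragmentable"


def audit(headers):
    """Count headers per class so DF coverage can be read at a glance."""
    counts = {"df-set": 0, "fragmentable": 0, "fragment": 0}
    for h in headers:
        counts[classify(h)] += 1
    return counts


def build_header(ident: int, flags_off: int) -> bytes:
    """Constructed 20-byte TCP/IPv4 header for the samples (checksum left 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, ident, flags_off, 64, 6, 0,
                       bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))


# Constructed sample: one DF packet, one without DF, and a two-part fragment train.
SAMPLES = [build_header(1, IP_DF), build_header(2, 0),
           build_header(3, IP_MF), build_header(3, 185)]

if __name__ == "__main__":
    print(audit(SAMPLES))
```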