Full Disclosure mailing list archives

Re: A new TCP/IP blind data injection technique?


From: Mikael Abrahamsson <swmike () swm pp se>
Date: Thu, 11 Dec 2003 21:42:27 +0100 (CET)

On Thu, 11 Dec 2003 Valdis.Kletnieks () vt edu wrote:

> 1) Disable all ICMP, so the ICMP Frag Needed packets don't make it back, thus
> hosing the connection entirely (send too large packet, frag needed, ICMP
> dropped, timeout, retransmit, lather, rinse, repeat).
>
> 2) Number their point-to-points out of RFC1918 space, so the ICMP Frag Needed
> gets swallowed by some border router that's doing reasonable ingress/egress
> filtering.

Well, actually as far as I have seen the bad thing when pmtud doesn't work
is often your server farm load sharer that won't forward the icmp message
to the appropriate server in the farm.

So a lot of the technology used out there doesn't even by design take ICMP
NEED TO FRAG messages into account when they do things. It's not just
clueless admins, it's clueless designers of equipment.

-- 
Mikael Abrahamsson    email: swmike () swm pp se
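The failure Mikael describes is that a load sharer receives an ICMP "Fragmentation Needed" message addressed to the VIP and has no idea which backend the quoted datagram came from, so it drops it and the backend keeps retransmitting at the old size. The following is an added example, not code from either poster or from any vendor's product: it builds a Frag Needed message (ICMP type 3, code 4, RFC 1191 layout) around a constructed DF datagram, validates the ICMP checksum, recovers the flow from the quoted IP and transport headers, and looks the flow up in a constructed session table to find the backend that must receive the MTU update. The VIP, client and backend addresses and the session table are assumptions made up for the demo.

```python
import ipaddress
import struct

ICMP_DEST_UNREACH = 3   # ICMP type
ICMP_FRAG_NEEDED = 4    # code: fragmentation needed and DF set (RFC 1191)
IPPROTO_TCP = 6


def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum; returns 0 for a packet whose checksum is valid."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_header(src: str, dst: str, proto: int, total_len: int) -> bytes:
    """Minimal 20-byte IPv4 header with the DF bit set, i.e. a PMTUD-style datagram."""
    hdr = struct.pack("!BBHHHBBH4s4s",
                      0x45, 0, total_len, 0x1234, 0x4000, 64, proto, 0,
                      ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return hdr[:10] + struct.pack("!H", inet_checksum(hdr)) + hdr[12:]


def build_frag_needed(next_hop_mtu: int, quoted_datagram: bytes) -> bytes:
    """ICMP type 3 code 4: 8-byte header (next-hop MTU in the last 16 bits) followed by
    the offending IP header plus the first 8 bytes of its payload, as a router would send it."""
    body = struct.pack("!BBHHH", ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED, 0, 0, next_hop_mtu)
    body += quoted_datagram
    return body[:2] + struct.pack("!H", inet_checksum(body)) + body[4:]


def parse_frag_needed(icmp: bytes) -> dict:
    """Validate a Frag Needed message and recover the flow it refers to from the quoted header."""
    if len(icmp) < 8 + 20 + 8:
        raise ValueError("truncated ICMP message")
    if inet_checksum(icmp) != 0:
        raise ValueError("bad ICMP checksum")
    icmp_type, code, _, _, mtu = struct.unpack("!BBHHH", icmp[:8])
    if (icmp_type, code) != (ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED):
        raise ValueError("not a Fragmentation Needed message")
    inner = icmp[8:]
    ihl = (inner[0] & 0x0F) * 4
    if inner[0] >> 4 != 4 or len(inner) < ihl + 8:
        raise ValueError("quoted datagram is not a usable IPv4 header")
    proto = inner[9]
    src = str(ipaddress.IPv4Address(inner[12:16]))
    dst = str(ipaddress.IPv4Address(inner[16:20]))
    # For TCP and UDP the quoted 8 payload bytes start with source and destination port.
    sport, dport = struct.unpack("!HH", inner[ihl:ihl + 4])
    return {"mtu": mtu, "proto": proto, "src": src, "sport": sport, "dst": dst, "dport": dport}


# Constructed session table of a hypothetical NAT-mode load sharer: the VIP
# 203.0.113.10:443 fronts two backends; outbound packets are rewritten to carry
# the VIP as source, so the router's ICMP quotes the VIP, not the backend.
VIP = ("203.0.113.10", 443)
SESSIONS = {
    ("198.51.100.7", 51234): "10.0.0.11",
    ("198.51.100.9", 40001): "10.0.0.12",
}


def backend_for_frag_needed(icmp: bytes, vip=VIP, sessions=SESSIONS):
    """Return the backend that must receive this ICMP, or None if no session matches.
    This lookup on the quoted inner header is what a load sharer has to do instead of
    dropping the message because its outer destination is the VIP."""
    info = parse_frag_needed(icmp)
    if (info["src"], info["sport"]) != vip:
        return None
    return sessions.get((info["dst"], info["dport"]))


def demo():
    # Constructed scenario: backend 10.0.0.11 sent a 1500-byte DF segment (seen on the wire
    # with the VIP as source) to client 198.51.100.7:51234; a router whose next hop only
    # carries 1400 bytes answered with Frag Needed.
    ip_hdr = build_ipv4_header(VIP[0], "198.51.100.7", IPPROTO_TCP, 1500)
    tcp_first8 = struct.pack("!HHI", VIP[1], 51234, 0x11223344)  # sport, dport, seq
    icmp = build_frag_needed(1400, ip_hdr + tcp_first8)
    return icmp, backend_for_frag_needed(icmp)


if __name__ == "__main__":
    pkt, backend = demo()
    print(parse_frag_needed(pkt), "->", backend)
```

The checksum check matters in practice: because the ICMP is unauthenticated, a device that forwards it should at least confirm it is well-formed and that the quoted inner header matches a session it actually owns, which is exactly what `backend_for_frag_needed` does before choosing a backend; an ICMP quoting an unknown flow yields `None` and should be dropped rather than broadcast to every server.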

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
