nanog mailing list archives
Re: Arbor Networks DoS defense product
From: "Johannes Ullrich" <jullrich () euclidian com>
Date: Fri, 17 May 2002 13:55:59 -0400
Unfortunately, things like TCP ECN and ICMP 'Frag Needed' are often considered "funny packets".
I know ECN etc have been used to evade firewalls but afaik have not been known in and of themselves to compromise or crash hosts or make them do any "funny things" besides dropping the packets outright. If you have information to the contrary please let me know.
The ECN bits have been used in the past to do OS finger printing. Not a big issue IMHO, but some people don't like it. -- -------------------------------------------------------------------- jullrich () euclidian com Collaborative Intrusion Detection join http://www.dshield.org
Current thread:
- Re: Arbor Networks DoS defense product, (continued)
- Re: Arbor Networks DoS defense product mval (May 16)
- Re: Arbor Networks DoS defense product Scott Francis (May 16)
- Re: Arbor Networks DoS defense product Scott Francis (May 16)
- Message not available
- Message not available
- Message not available
- Re: Arbor Networks DoS defense product Clayton Fiske (May 15)
- Re: Arbor Networks DoS defense product PJ (May 15)
- Re: Arbor Networks DoS defense product Clayton Fiske (May 15)
- Re: Arbor Networks DoS defense product E.B. Dreger (May 15)
- Re: Arbor Networks DoS defense product Valdis . Kletnieks (May 17)
- Re: Arbor Networks DoS defense product Dan Hollis (May 17)
- Re: Arbor Networks DoS defense product Johannes Ullrich (May 17)
- Re: Arbor Networks DoS defense product Scott Francis (May 17)
- Re: Arbor Networks DoS defense product Scott Francis (May 17)
- Message not available
- Re: "portscans" (was Re: Arbor Networks DoS defense product) Scott Francis (May 18)
- Re: "portscans" (was Re: Arbor Networks DoS defense product) Henry Yen (May 18)
- Message not available
- Re: "portscans" (was Re: Arbor Networks DoS defense product) Scott Francis (May 18)
- Re: "portscans" (was Re: Arbor Networks DoS defense product) Ralph Doncaster (May 18)
- Re[2]: "portscans" (was Re: Arbor Networks DoS defense product) Allan Liska (May 18)