Vulnerability Development mailing list archives

Re: Windows IP Fragment Reassembly Vulnerability


From: mikael.olsson () ENTERNET SE (Mikael Olsson)
Date: Sun, 21 May 2000 19:49:07 +0200


Masial wrote:

Does anyone have info about this particular issue? I would be interested in
seeing what those 'malformed' packets look like, and as usual, Microsoft
doesn't give any technical details about the vulnerability. Trust us blindly!

I saw something on this just a while ago, but since I'm catching up
with two weeks of not reading my mailing lists (10+ of them) I cannot
remember for the life of me where I saw it, could be bugtraq,
firewalls () lists gnac net or firewall-wizards () nfr net

Anyhow, from what I could gain, it was simply done by sending LOTS
of fragments (a couple of hundred) with the same fragment offset.
Any SPF worth its name ought to be able to protect you from it.
OTOH, any NT based proxy without its own fragment handler would
choke on them and DoS your entire connection. :-P

/Mike

--
Mikael Olsson, EnterNet Sweden AB, Box 393, SE-891 28 ÖRNSKÖLDSVIK
Phone: +46-(0)660-105 50           Fax: +46-(0)660-122 50
Mobile: +46-(0)70-66 77 636
WWW: http://www.enternet.se        E-mail: mikael.olsson () enternet se
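
The condition described in the message above (a couple of hundred fragments sharing one fragment offset) is something a stateful filter can count per datagram. The following is an added example of such a check, not code from the original post or from any vendor; the threshold, the function and class names, and the sample headers are assumptions constructed for illustration.

```python
import struct
from collections import defaultdict

DUP_OFFSET_LIMIT = 16  # assumed threshold, not from the post; tune per network

def parse_fragment(pkt):
    """Return ((src, dst, proto, id), offset_bytes) for an IPv4 fragment, else None."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None
    ident, flags_frag = struct.unpack_from("!HH", pkt, 4)
    more_fragments = bool(flags_frag & 0x2000)
    offset = (flags_frag & 0x1FFF) * 8       # field counts 8-byte units
    if not more_fragments and offset == 0:
        return None                          # ordinary unfragmented datagram
    return (pkt[12:16], pkt[16:20], pkt[9], ident), offset

class SameOffsetDetector:
    """Counts fragments per (datagram, offset); a real filter would also expire
    entries on a reassembly timeout so this table cannot grow without bound."""
    def __init__(self, limit=DUP_OFFSET_LIMIT):
        self.limit = limit
        self.counts = defaultdict(lambda: defaultdict(int))

    def observe(self, pkt):
        parsed = parse_fragment(pkt)
        if parsed is None:
            return False
        key, offset = parsed
        self.counts[key][offset] += 1
        return self.counts[key][offset] > self.limit   # True = drop / alert

def first_alert(packets, limit=DUP_OFFSET_LIMIT):
    """1-based index of the first packet that trips the detector, or None."""
    detector = SameOffsetDetector(limit)
    for index, pkt in enumerate(packets, 1):
        if detector.observe(pkt):
            return index
    return None

def sample_header(ident, offset_units, more_fragments):
    """Constructed 20-byte IPv4 header (documentation addresses, zero checksum)."""
    flags_frag = (0x2000 if more_fragments else 0) | offset_units
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, ident, flags_frag, 64, 17, 0,
                       bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))

# Constructed inputs: 200 fragments at one offset vs. a normal 4-fragment datagram.
SAME_OFFSET_BURST = [sample_header(0x1234, 185, True)] * 200
NORMAL_DATAGRAM = [sample_header(0x4321, i * 185, i < 3) for i in range(4)]

if __name__ == "__main__":
    print(first_alert(SAME_OFFSET_BURST), first_alert(NORMAL_DATAGRAM))
```

The limit is set above 1 because an occasional duplicated fragment is normal on real networks; only a sustained pile-up at one offset trips the check.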


