Re: Suspicion about denial of service attacks possible on IP.

bosticbsdi.com

• Messages sorted by: [ date ][ thread ][ subject ][ author ]
• Next message: Nathan Lawson: "Re: Suspicion denied"
• Previous message: Darren Reed: "Re: Urgent !! Serious Linux Security Bug...."
• Maybe in reply to: Henrik P Johnson: "Suspicion about denial of service attacks possible on IP."
• Next in thread: Nathan Lawson: "Re: Suspicion denied"

> I was idly reading through Internetworking with TCP/IP yesterday when
> it hit me what might be a possible denial of service attack on IP stacks.
> What would happen if a host was bombarded with faked fragments of large
> IP packages. Would the stack allocate more and more memory trying to
> reconstruct the packages or do they operate with a fixed/max size limit
> on memory allocated for IP defragmentation?

Yes.  ;-}

Part of the recent BSD/OS patches were to fix precisely this
type of attack.

--keith

• Next message: Nathan Lawson: "Re: Suspicion denied"
• Previous message: Darren Reed: "Re: Urgent !! Serious Linux Security Bug...."
• Maybe in reply to: Henrik P Johnson: "Suspicion about denial of service attacks possible on IP."
• Next in thread: Nathan Lawson: "Re: Suspicion denied"