|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: BindView Security Advisory: SSR Denial of Service
Alan Cox (alan
LXORGUK.UKUU.ORG.UK)
Thu, 25 Nov 1999 01:13:22 +0000
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
- Next message: pedwardWEBCOM.COM: "Re: WordPad/riched20.dll buffer overflow"
- Previous message: Matt Conover: "[w00giving '99 #6]: UnixWare 7's Xsco"
> The danger in this problem arises from the fact that many perimeter defenses
> (firewalls) permit ICMP through, which means that remote, anonymous
> attackers
Note that perimiter firewalls that don't let some ICMP through are broken
(If anyone from certain large search/net companies beginning with A and Y are
listening....). With return ICMP must fragment messages blocked the host
isnt properly accessible (in many cases not accessible at all) over lower
MTU paths like secure tunnels, groups of machines behind low mtu ppp links
etc.
A perimiter firewall can (and probably should) do stateful checking of the
ICMPs perhaps with rate limiting too.
Alan
- Next message: pedwardWEBCOM.COM: "Re: WordPad/riched20.dll buffer overflow"
- Previous message: Matt Conover: "[w00giving '99 #6]: UnixWare 7's Xsco"
This archive was generated by hypermail 2.0b3 on Fri Nov 26 1999 - 03:45:13 CST