|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: Addendum: Analysis of jolt2.c (MS00-029)
From: Mikael Olsson (mikael.olsson
ENTERNET.SE)Date: Fri May 26 2000 - 08:18:38 CDT
- Next message: emf: "Security Vulnerability in IPFilter 3.3.15 and 3.4.3"
- Previous message: Prizm: "Re: Qpopper 2.53 problem, user can gain gid=mail"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
-----------------------------------------------------------------
Subject: Addendum to Analysis of jolt2.c
Date: 2000-05-26
Author: Mikael Olsson, EnterNet Sweden <mikael.olssonenternet.se>
------------------------------------------------------------------
I failed to mention proxy based firewalls in the discussion on
wether firewalls will protect against this attack or not.
Fact 1: A proxy firewall will NOT pass this attack pattern to
the protected network.
Fact 2: If the proxy firewall is running on a vulnerable OS and
doesn't have its own network layer code (relies on the MS stack),
the attack will DoS the firewall itself.
The fact of the matter is, any type firewall that runs on top
of Win9x/NT that doesn't have its own network layer code is
vulnerable to this attack.
I will _not_ speculate on which Windows based firewalls are
vulnerable or not.
-- Mikael Olsson, EnterNet Sweden AB, Box 393, SE-891 28 ÖRNSKÖLDSVIK Phone: +46-(0)660-29 92 00 Fax: +46-(0)660-122 50 Mobile: +46-(0)70-66 77 636 WWW: http://www.enternet.se E-mail: mikael.olsson
- Next message: emf: "Security Vulnerability in IPFilter 3.3.15 and 3.4.3"
- Previous message: Prizm: "Re: Qpopper 2.53 problem, user can gain gid=mail"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]