Re: FW: CERT Summary CS-98.02
- To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
- Subject: Re: FW: CERT Summary CS-98.02
- From: "John D. Hardin" <jhardin@wolfenet.com>
- Date: Thu, 5 Mar 1998 09:21:17 -0800
- Comments: To: Russ <Russ.Cooper@RC.ON.CA>
- In-Reply-To: <199803050036.QAA06029@wolfenet.com>
- Reply-To: "John D. Hardin" <jhardin@wolfenet.com>
- Sender: Windows NT BugTraq Mailing List <NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM>

> The attacks involve sending a pair of malformed IP fragments which are
> reassembled into an invalid UDP datagram. The invalid UDP datagram
> causes the target machine to go into an unstable state. Once in an unstable
> state, the target machine either halts or crashes.

Our publicly-accessible NT boxes are protected by a Linux firewall with ALWAYS-DEFRAGMENT set to true. This leads to two questions, the first not entirely NT-related:

1) Does Linux validate reassembled packets? (meaning, would the attack datagrams be reassembled, checked and then discarded by the Linux firewall?)

2) Does the exploit *require* that the attack datagrams be reassembled *on the NT box being attacked*? (meaning, would the Linux firewall's reassembly of the datagrams prevent the attack from affecting an NT box, even if the reassembled invalid datagrams are then forwarded to the NT box rather than being discarded?)

--
John Hardin KA7OHZ jhardin@wolfenet.com
pgpk -a finger://gonzo.wolfenet.com/jhardin
PGP key ID: 0x41EA94F5
PGP key fingerprint: A3 0C 5B C2 EF 0D 2C E5 E9 BF C8 33 A7 A9 CE 76
-----------------------------------------------------------------------
26 days until Netscape releases source code
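
The kind of check question 1 asks about, as an added example that is not part of the original message and does not describe what the Linux defragmenter actually does. It assumes "invalid" means the fragments fail to tile the datagram exactly or the UDP length field disagrees with the bytes received; `struct frag`, the verdict names and `validate_udp_fragments` are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* One received IP fragment, reduced to the fields the check needs (hypothetical layout). */
struct frag {
    uint16_t offset;     /* byte offset of this fragment's payload within the datagram */
    uint16_t len;        /* payload bytes carried by this fragment */
    int more_fragments;  /* IP MF flag: set on every fragment except the last */
};

enum verdict { DGRAM_OK = 0, DGRAM_EMPTY, DGRAM_OVERLAP, DGRAM_GAP,
               DGRAM_BAD_FLAGS, DGRAM_BAD_UDP_LEN };

static int by_offset(const void *a, const void *b) {
    const struct frag *x = a, *y = b;
    return (x->offset > y->offset) - (x->offset < y->offset);
}

/* Decide whether a complete fragment set may be reassembled and forwarded.
 * udp_len is the length field read from the UDP header in the first fragment.
 * Assumption: anything other than DGRAM_OK is dropped at the firewall. */
enum verdict validate_udp_fragments(struct frag *f, size_t n, uint16_t udp_len) {
    uint32_t next = 0;  /* next expected payload offset */
    if (n == 0) return DGRAM_EMPTY;
    qsort(f, n, sizeof *f, by_offset);  /* fragments may arrive in any order */
    for (size_t i = 0; i < n; i++) {
        if (f[i].len == 0) return DGRAM_EMPTY;
        if (f[i].offset < next) return DGRAM_OVERLAP;  /* rewrites earlier bytes */
        if (f[i].offset > next) return DGRAM_GAP;      /* hole in the datagram */
        /* every fragment but the last must carry MF, the last must not */
        if ((i + 1 < n) != (f[i].more_fragments != 0)) return DGRAM_BAD_FLAGS;
        next += f[i].len;
    }
    /* UDP length covers the 8-byte header plus data and must equal what arrived */
    if (udp_len < 8 || udp_len != next) return DGRAM_BAD_UDP_LEN;
    return DGRAM_OK;
}
```
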