Re: Linux IP fragment overlap bug

Morbid Dead Guy (bingm@STREAM.CSIS.GVSU.EDU)
Sun, 16 Nov 1997 14:29:40 -0500

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Aleph One: "Re: Windows 95 IP Fragmentation Bug Fix?"
Previous message: Lloyd Vancil: "Re: Preliminary Notice: Cisco LocalDirector enable password loss"
Maybe in reply to: G P R: "Linux IP fragment overlap bug"

> It may be the previous icmp-fix (ssping) that fixes the problem. Oddly
> enough, NT with no patches at all isn't vulnerable to this. I haven't
> quite sorted out exactly where the problem starts and stops, but I do know
> no patches and full patches aren't bothered by it.

This may not be completely true. I've reproduced the attack against an NT
Server 4.0 without any patches. I expected a blue-screen ala OOB attack,
but instead the machine just locked. On two different Linux machines
(2.0.0 and 2.0.31), the attack caused a reboot.

-matt-

http://rainbow.csis.gvsu.edu/electric
pgp:finger bingm@bass.csis.gvsu.edu
mailto:bingm@csis.gvsu.edu

Next message: Aleph One: "Re: Windows 95 IP Fragmentation Bug Fix?"
Previous message: Lloyd Vancil: "Re: Preliminary Notice: Cisco LocalDirector enable password loss"
Maybe in reply to: G P R: "Linux IP fragment overlap bug"