lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20050707201541.GS18315@bofh.cns.ualberta.ca>
Date: Thu, 7 Jul 2005 14:15:41 -0600
From: Bob Beck <beck@...h.cns.ualberta.ca>
To: "J. Oquendo" <root@...iltrated.net>
Cc: Theo de Raadt <deraadt@....openbsd.org>,
	bugtraq@...urityfocus.com
Subject: Re: ICMP vulnerabilities


> >
> > Please read the article.  My take on this is that there are people
> > who don't want to fix this.
> >
> 
> This isn't news news, I've been tinkering with something along these
> lines since 1999:
> 

	Well, your article is your ponderings of how tcp work, and brat.c
does nothing like an MTU attack, it simply floods someone's bgp port,
whoopee, buy your bot-net and go to town. - That's not what the
article is about.  What fernando is talking about is not a flood which
requires a worm or something to grab enough bandwidth to attack
people, it's a blind attack which someone with idsn level connectivity
alone can probably send enough packets to make it work. 

	More importantly, the article is talking about FIXES for these
issues, rather than just wanking about it. It also seems to notice
that the corporate shills who have taken over the IETF are going out
of their way to ensure that things don't change in the standards, so
that their respective companies won't have to implement expensive
fixes that will cost them a lot of money to get to their customers.
This and combined with the aggressive tactics of companies like Cisco
who appeared to attempt to shut someone up who comes to the IETF with
an issue by threatening frivoulous legal action by claiming to patent
their work after the fact. 

	I find the whole story of how the IETF and the large companies
involved handling this very disturbing, although perhaps not surprising. 

	-Bob

	


	




Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ