| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: Valdis.Kletnieks at vt.edu (Valdis.Kletnieks@...edu) Subject: A new TCP/IP blind data injection technique? On Sat, 13 Dec 2003 03:35:25 MST, Michael Gale <michael@...esuperman.com> said: > For example the BorderWare Firewall will not accept fragmented packets, > they are working on a firewall function that when fragmented packets > arrive. It will save the first piece plus all frags until the final one > is received. But the packet back together and do a sanity check of some > sort. Then pass or drop the packet. So the problem is that the host may re-assemble a fragmented packet with injected data in it. And we protect against it by.... you got it.. having the firewall re-assemble the fragmented packet with injected data and then handing the re-assembled full packet (with injected data) to the host. Whoops. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 226 bytes Desc: not available Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20031213/e95f43e7/attachment.bin
Powered by blists - more mailing lists