lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <20050714195822.GA14001@loder.us>
Date: Fri Jul 15 09:18:38 2005
From: cloder at loder.us (Chad Loder)
Subject: ICMP Security Vulnerabilities - NEW  (cough)

Vic,

Maybe you need to read (not skim) Fernando's draft?
The title is "ICMP Attacks Against TCP", and let me
emphasize the TCP part.

I find it interesting that you've gone through the
trouble of writing a 10 page email in which you
seem to be claiming partial credit for someone else's
work, but you have not bothered to include any
references to substantiate your claims, other than
a mailing list you can't remember, some private
conversations on a tangentially related subject
you've had with associates over the years, and your
newbie ICMP guide.

Unfortunately your email adds nothing new to the
discussion and only shows that you did not take the
time to understand the draft, nor the fixes that have
been implemented in OpenBSD and Linux.

Now, regarding your guide to ICMP filtering.  First,
your guide says nothing about the blind ICMP attacks
against TCP in Fernando's paper.  Your guide appears
to be a summary of other information (including guides
and published exploits) available well before 1994
(including, for god's sake, the "Security Considerations"
sections of RFC's published in 1990 and even earlier).

In addition, some of the advice in your guide is
dangerous for basically anyone other than home users
sitting behind a firewall.  This, too, was widely
known before your guide was published.

You need to hit the books.

        -Chad Loder

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ