Bugtraq mailing list archives
Re: Suspicion about denial of service attacks possible on IP.
From: avalon () coombs anu edu au (Darren Reed)
Date: Wed, 23 Oct 1996 07:45:57 +1000
In some mail from Henrik P Johnson, sie said:
I was idly reading through Internetworking with TCP/IP yesterday when it hit me what might be a possible denial of service attack on IP stacks. What would happen if a host was bombarded with faked fragments of large IP packages? Would the stack allocate more and more memory trying to reconstruct the packages or do they operate with a fixed/max size limit on memory allocated for IP defragmentation?
It is possible, but it requires a lot of packets. Different boxes handle it differently too. When I tried it against my SunOS4 box, it didn't crash, but X-Windows could not be used after it ran out of mbufs.

There's a bug in how overlapping mbufs are freed in BSD code up to 4.4BSD-Lite/2 (I believe) - that or it never got merged with FreeBSD 2.1.5. (Patch for this is included with IP Filter ;) For FreeBSD, it seems that the result is that it never frees the mbuf...

Darren
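The "fixed/max size limit" asked about in this thread comes down to bookkeeping like the following. This is an added example, not code from the thread, from IP Filter or from any BSD stack; the limits, the names and the accounting-only model (no payload is stored) are assumptions made for illustration.

```c
#include <stdint.h>
#include <string.h>

/* Constructed limits for illustration, not values from any real stack. */
#define MAX_QUEUES 4      /* datagrams allowed under reassembly at once */
#define MAX_BYTES  8192   /* fragment payload buffered across all queues */
#define FRAG_TTL   30     /* seconds an incomplete datagram may wait */

struct fragq {
    int      used;
    uint32_t src, dst;    /* reassembly key: src, dst, id, proto */
    uint16_t id; uint8_t proto;
    uint32_t bytes;       /* payload charged to this queue */
    uint32_t expires;     /* set by the first fragment, never extended */
};

static struct fragq table[MAX_QUEUES];
static uint32_t total_bytes;
uint32_t frag_bytes_held(void) { return total_bytes; }

/* Drop every timed-out queue and release its bytes; returns queues dropped. */
int frag_expire(uint32_t now) {
    int dropped = 0;
    for (int i = 0; i < MAX_QUEUES; i++) {
        if (!table[i].used || now < table[i].expires) continue;
        total_bytes -= table[i].bytes;
        memset(&table[i], 0, sizeof table[i]);
        dropped++;
    }
    return dropped;
}

/* Charge one fragment of len bytes. Returns 1 if buffered, 0 if refused. */
int frag_accept(uint32_t src, uint32_t dst, uint16_t id, uint8_t proto,
                uint32_t len, uint32_t now) {
    struct fragq *q = NULL, *spare = NULL;
    frag_expire(now);
    for (int i = 0; i < MAX_QUEUES && !q; i++) {
        struct fragq *t = &table[i];
        if (!t->used) { if (!spare) spare = t; }
        else if (t->src == src && t->dst == dst && t->id == id && t->proto == proto) q = t;
    }
    if (len > MAX_BYTES - total_bytes) return 0;    /* global memory cap */
    if (!q) {
        if (!(q = spare)) return 0;                 /* queue-count cap */
        *q = (struct fragq){ 1, src, dst, id, proto, 0, now + FRAG_TTL };
    }
    q->bytes += len; total_bytes += len;
    return 1;
}
```

Because the timer is fixed by the first fragment, a sender cannot keep an incomplete datagram alive by trickling further fragments, and every byte released on expiry is returned to the shared budget.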