Bugtraq mailing list archives

Re: BindView Security Advisory: SSR Denial of Service

From: alan () LXORGUK UKUU ORG UK (Alan Cox)
Date: Thu, 25 Nov 1999 01:13:22 +0000

The danger in this problem arises from the fact that many perimeter defenses
(firewalls) permit ICMP through, which means that remote, anonymous
attackers


Note that perimiter firewalls that don't let some ICMP through are broken
(If anyone from certain large search/net companies beginning with A and Y are
listening....). With return ICMP must fragment messages blocked the host
isnt properly accessible (in many cases not accessible at all) over lower
MTU paths like secure tunnels, groups of machines behind low mtu ppp links
etc.

A perimiter firewall can (and probably should) do stateful checking of the
ICMPs perhaps with rate limiting too.

Alan

Current thread:

Re: Operational Issues: Applications & Appliances (was: Buffer Overflow Survey Paper), (continued)
- - - Re: Operational Issues: Applications & Appliances (was: Buffer Overflow Survey Paper) Simple Nomad (Nov 24)
    - Netscape communicator 4.x Javascript security flaw Ahmed Ghandour (Nov 24)
    - Re: Netscape communicator 4.x Javascript security flaw Metal Hurlant (Nov 26)
    - Re: Netscape communicator 4.x Javascript security flaw Ahmed Ghandour (Nov 26)
    - Windows NT 4.0 Service Pack 6A Breaks IP Forwarding Brendan Howes (Nov 25)
    - Oracle Web Listener Mnemonix (Nov 25)
    - [w00giving '99 #6]: UnixWare 7's Xsco Matt Conover (Nov 25)
    - Re: Operational Issues: Applications & Appliances (was: Buffer Overflow Survey Paper) Mark Seiden (Nov 24)
    - Netscape Communicator 4.7 - Navigator Overflows Mike Boto (Nov 24)
    - BindView Security Advisory: SSR Denial of Service BindView Security Advisory (Nov 24)
    - Re: BindView Security Advisory: SSR Denial of Service Alan Cox (Nov 24)
    - Oracle 8i questions Brock Tellier (Nov 23)
    - Printer Vulnerabilities (Tektronix and JetDirect) Elias Levy (Nov 23)
    - Re: local users can panic linux kernel (was: SuSE syslogd advisory) Darren Reed (Nov 20)
    - Re: local users can panic linux kernel (was: SuSE syslogd advisory) Cy Schubert - ITSD Open Systems Group (Nov 23)
    - Re: local users can panic linux kernel (was: SuSE syslogdadvisory) Jefferson Ogata (Nov 23)
    - Re: local users can panic linux kernel (was: SuSE syslogdadvisory) Shafik Yaghmour (Nov 23)
    - Re: local users can panic linux kernel (was: SuSE syslogdadvisory) Olaf Kirch (Nov 24)
    - Re: local users can panic linux kernel (was: SuSE syslogdadvisory) Goetz Babin-Ebell (Nov 24)
    - more about IP ID antirez () INVECE ORG (Nov 20)
    - FreeBSD sysinstall Jonas Eriksson (Nov 20)

(Thread continues...)