Bugtraq mailing list archives

Re: unused bit attack alert


From: antirez () LINUXCARE COM (antirez)
Date: Wed, 23 Feb 2000 13:14:06 +0100


On Mon, Feb 21, 2000 at 02:36:17PM -0800, Vern Paxson wrote:
> LigerTeam, strongly propose inserting of
> solution code before the computing of flag
> variable.
>
>   flag = flags & 0x3f;
>
> Otherwise you are still vulnerable to attackers setting legitimate flags
> in bogus combinations, such as adding URG to a SYN.

Also, since the valid TCP flag combinations are fixed
and just ~13, at the cost of some overhead you can simply
allow only these. An example is the ipt_unclean netfilter
module.
For LigerTeam: this is a known problem, please don't claim
you have discovered it (see BUGTRAQ archive).

antirez

--
Salvatore Sanfilippo, Open Source Developer, Linuxcare Italia spa
+39.049.8024648 tel, +39.049.8036484 fax
antirez () linuxcare com, http://www.linuxcare.com/
Linuxcare. Support for the revolution.
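
The two checks discussed in this message, masking with `0x3f` and then accepting only known flag combinations, as an added example that is not part of the original post and is not the ipt_unclean source. The allow-list, the `TH_*` constants and the function names are assumptions made for illustration; the sample flag bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TH_FIN 0x01
#define TH_SYN 0x02
#define TH_RST 0x04
#define TH_PSH 0x08
#define TH_ACK 0x10
#define TH_URG 0x20
#define TH_FLAG_MASK 0x3f /* the six defined flag bits, as in the post */

/* Constructed allow-list (assumption): combinations seen in normal TCP. */
static const uint8_t allowed[] = {
    TH_SYN, TH_SYN | TH_ACK, TH_ACK, TH_ACK | TH_PSH, TH_ACK | TH_URG,
    TH_ACK | TH_PSH | TH_URG, TH_FIN | TH_ACK, TH_FIN | TH_ACK | TH_PSH,
    TH_FIN | TH_ACK | TH_URG, TH_FIN | TH_ACK | TH_PSH | TH_URG,
    TH_RST, TH_RST | TH_ACK, TH_RST | TH_ACK | TH_PSH,
};

/* Step 1: drop the unused upper bits before any comparison. */
static uint8_t tcp_flags_masked(uint8_t raw) { return raw & TH_FLAG_MASK; }

/* Step 2: accept only listed combinations. Returns 1 if allowed, else 0. */
static int tcp_flags_allowed(uint8_t raw)
{
    uint8_t f = tcp_flags_masked(raw);
    for (size_t i = 0; i < sizeof(allowed) / sizeof(allowed[0]); i++)
        if (allowed[i] == f)
            return 1;
    return 0;
}

int main(void)
{
    /* Constructed sample values for the flags byte of a TCP header. */
    const uint8_t samples[] = { 0x02, 0x42, 0x22, 0x12, 0x29, 0x00, 0x03 };
    for (size_t i = 0; i < sizeof(samples); i++)
        printf("raw=0x%02x masked=0x%02x %s\n", samples[i],
               tcp_flags_masked(samples[i]),
               tcp_flags_allowed(samples[i]) ? "accept" : "drop");
    return 0;
}
```

A SYN with an unused bit set (`0x42`) is treated as a plain SYN after masking, while SYN plus URG (`0x22`) passes the mask unchanged and is only rejected by the allow-list.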


