Bugtraq mailing list archives
Re: unused bit attack alert
From: antirez () LINUXCARE COM (antirez)
Date: Wed, 23 Feb 2000 13:14:06 +0100
On Mon, Feb 21, 2000 at 02:36:17PM -0800, Vern Paxson wrote:
> LigerTeam, strongly propose inserting of solution code before the
> computing of flag variable.
>
>     flag = flags & 0x3f;
>
> Otherwise you are still vulnerable to attackers setting legitimate flags
> in bogus combinations, such as adding URG to a SYN.

Also, since the valid TCP flag combinations are fixed and just ~13, at the cost of some overhead you can simply allow only these. An example is the ipt_unclean netfilter module.

For LigerTeam: this is a known problem, please don't claim you have discovered it (see BUGTRAQ archive).

antirez

--
Salvatore Sanfilippo, Open Source Developer, Linuxcare Italia spa
+39.049.8024648 tel, +39.049.8036484 fax
antirez () linuxcare com, http://www.linuxcare.com/
Linuxcare. Support for the revolution.
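The allowlist approach described in the message above, shown next to the raw and mask-only checks it improves on. This is an added example, not code from the post, from LigerTeam or from ipt_unclean; the function names and the 13-entry table are assumptions made for illustration, and the sample flag bytes are constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* TCP flag bits (byte 13 of the TCP header). */
#define TH_FIN  0x01
#define TH_SYN  0x02
#define TH_RST  0x04
#define TH_PSH  0x08
#define TH_ACK  0x10
#define TH_URG  0x20
#define TH_MASK 0x3f  /* mask from the quoted fix: drops the two unused bits */

/* Allowlist indexed by the masked flag byte. These 13 entries are this
 * example's assumption, not copied from any particular module. */
static const uint8_t valid_flags[TH_MASK + 1] = {
    [TH_SYN] = 1,                   [TH_SYN | TH_ACK] = 1,
    [TH_RST] = 1,                   [TH_RST | TH_ACK] = 1,
    [TH_RST | TH_ACK | TH_PSH] = 1, [TH_ACK] = 1,
    [TH_ACK | TH_PSH] = 1,          [TH_ACK | TH_URG] = 1,
    [TH_ACK | TH_URG | TH_PSH] = 1, [TH_FIN | TH_ACK] = 1,
    [TH_FIN | TH_ACK | TH_PSH] = 1, [TH_FIN | TH_ACK | TH_URG] = 1,
    [TH_FIN | TH_ACK | TH_URG | TH_PSH] = 1,
};

/* Exact match on the raw byte: a SYN with an unused bit set is not seen. */
int naive_is_syn(uint8_t raw) { return raw == TH_SYN; }

/* Mask only: the unused bit no longer hides the SYN, but SYN|URG still does. */
int masked_is_syn(uint8_t raw) { return (raw & TH_MASK) == TH_SYN; }

/* Mask, then accept only listed combinations.
 * Returns the masked flags, or -1 if the packet should be dropped. */
int tcp_flags_check(uint8_t raw)
{
    uint8_t f = raw & TH_MASK;
    return valid_flags[f] ? f : -1;
}

int main(void)
{
    const uint8_t s[] = { 0x02, 0x42, 0x22, 0x18, 0x03, 0x00 }; /* constructed */
    for (size_t i = 0; i < sizeof s; i++)
        printf("0x%02x naive=%d masked=%d check=%d\n", s[i],
               naive_is_syn(s[i]), masked_is_syn(s[i]), tcp_flags_check(s[i]));
    return 0;
}
```

The two high bits were unused when this thread was written; RFC 3168 later assigned them to ECN (CWR and ECE), so on current networks mask them for classification rather than treating them as a reason to drop.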