Bugtraq mailing list archives
Re: Commercial stack fragility (Was RE: Cert Advisory 2002-03 and HP JetDirect)
From: Andrew M Hoerter <amh () POBOX COM>
Date: Fri, 1 Mar 2002 13:38:35 -0500
On Wed, 27 February 2002 A.D., Brewis, Mark wrote:
> Quite often these are commercial, off the peg TCP/IP stacks. I have seen some dreadful examples, both in terms of fragility and of TCP sequence number generation. I've seen sequential, sequential based on standard increments, and repeating sequences. [...] Compromise a network via the printers and you will have a network manager's attention. The only problem lies in the paucity of solutions available to correct the issue.
Although it won't guard against attacks from within, one excellent solution to this problem is an appropriately designed firewall. The latest release of OpenBSD[1] contains a new packet filter (`pf') which can help protect buggy TCP stacks. Two features will be of interest:

* The 'modulate state' directive, which causes a highly random initial sequence number to be substituted for those supplied by a less vigilant stack.
* The 'scrub' directive, which causes full fragment reassembly and other packet normalization to take place before delivery to possibly fragile stacks.

[1] http://www.openbsd.org/

--
"Everyone may openly covet everyone else's property, as long as he appeals to democracy; and everyone may act on his desire for another man's property, provided that he finds entrance into government." -- Hans-Hermann Hoppe
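
A simplified model of the sequence-number substitution that 'modulate state' is described as performing above, added here as an illustration; it is not pf's code and not part of the original post. `WeakStack`, `Modulator` and the fixed increment of 64000 are constructed for the example, and the per-connection random offset is an assumed way of doing the substitution.

```python
import secrets

MOD = 2**32  # size of the TCP sequence space

class WeakStack:
    """Constructed stand-in for a device whose ISN grows by a fixed increment."""
    def __init__(self, start=1000, step=64000):
        self.next_isn, self.step = start, step

    def new_isn(self):
        isn = self.next_isn
        self.next_isn = (self.next_isn + self.step) % MOD
        return isn

class Modulator:
    """Stateful filter in the path: one random offset per connection."""
    def __init__(self):
        self.offsets = {}  # connection id -> offset

    def outbound(self, conn, seq):
        # The first segment of a connection fixes its offset; later ones reuse it.
        off = self.offsets.setdefault(conn, secrets.randbelow(MOD - 1) + 1)
        return (seq + off) % MOD

    def inbound_ack(self, conn, ack):
        # The peer acknowledges modulated numbers; map them back for the device.
        return (ack - self.offsets[conn]) % MOD

def observe(n, modulate):
    """ISNs visible on the far side of the filter for n new connections."""
    stack, fw = WeakStack(), Modulator()
    seen = []
    for conn in range(n):
        isn = stack.new_isn()
        seen.append(fw.outbound(conn, isn) if modulate else isn)
    return seen

def deltas(isns):
    """Set of differences between consecutive ISNs (one value = predictable)."""
    return {(b - a) % MOD for a, b in zip(isns, isns[1:])}

def roundtrip(isn, payload_len):
    """ACK as the device receives it after the filter translates it back."""
    fw = Modulator()
    wire_isn = fw.outbound("c", isn)
    wire_ack = (wire_isn + 1 + payload_len) % MOD  # peer acks SYN plus data
    return fw.inbound_ack("c", wire_ack)

if __name__ == "__main__":
    print("unmodulated deltas:", deltas(observe(6, False)))
    print("modulated deltas:  ", len(deltas(observe(6, True))), "distinct values")
```
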