Bugtraq mailing list archives
Re: IPv4 fragmentation --> The Rose Attack
From: stanislav shalunov <shalunov () internet2 edu>
Date: 31 Mar 2004 15:07:31 -0500
<gandalf () digital net> writes:
While this discussion pertains to IPv4, IPv6 also allows fragmentation and I suspect IPv6 will also be affected by this attack.
IPv6 does not have en-route fragmentation and, therefore, has no reassembly. IPv6 is not affected. Interesting attack. Various standards require behaviors that lead to unlimited memory usage. For example, my netkill attack shows how to cause a TCP stack to use all memory that is available to it. The Rose attack doesn't even use TCP to achieve a similar effect. A mitigating strategy would be to give the IPv4 reassembly code a certain amount of memory and, when that memory is filled, drop random packets that are being reassembled. The data structures used to hold fragments must allow to only hold those parts that have already arrived. This would still allow attacks on the reassembly facility itself (an attacker could keep the reassembly memory full and cause the majority of legitimate fragmented packets to be dropped by the receiver), but at least other parts of the stack and the OS would not suffer. -- Stanislav Shalunov http://www.internet2.edu/~shalunov/
Current thread:
- NetSky.q Virus. Looking for more detailed information on how the DOS will be performed. Paul (Mar 30)
- Re: NetSky.q Virus. Looking for more detailed information on how the DOS will be performed. Joe Stewart (Mar 30)
- IPv4 fragmentation --> The Rose Attack gandalf (Mar 31)
- Re: IPv4 fragmentation --> The Rose Attack stanislav shalunov (Mar 31)
- IPv4 fragmentation --> The Rose Attack gandalf (Mar 31)
- Re: NetSky.q Virus. Looking for more detailed information on how the DOS will be performed. Joe Stewart (Mar 30)