Bugtraq mailing list archives
RE: TCP/IP implementations do not adequately validate ICMP error messages
From: "David Schwartz" <davids () webmaster com>
Date: Tue, 10 May 2005 13:38:19 -0700
when I add the following rule to iptables, the linux server (Kernel 2.4.29-grsec) is no longer vulnerable to the DOS: iptables -I INPUT 1 -p icmp -j DROP I am interested in knowing if this work around makes any sense. Please keep me informed about this vulnerability.
This breaks PMTU detection. ICMP is a host requirement, it is not optional. DS
Current thread:
- TCP/IP implementations do not adequately validate ICMP error messages Alok Menghrajani - Ilion Security SA (May 10)
- Re: TCP/IP implementations do not adequately validate ICMP error messages Peter Keel (May 11)
- Re: TCP/IP implementations do not adequately validate ICMP error messages Maciej Soltysiak (May 11)
- Re: SPAM-HIGH: TCP/IP implementations do not adequately validate ICMP error messages David Nichols (May 11)
- RE: TCP/IP implementations do not adequately validate ICMP error messages David Schwartz (May 11)