Full Disclosure mailing list archives
Re: A new TCP/IP blind data injection technique?
From: Michael Gale <michael () bluesuperman com>
Date: Mon, 15 Dec 2003 10:15:23 -0700
Hello, Well first of all, one of the industry leading firewalls ( BorderWare Firewall Server ) does NOT pass fragmented packets. Also netfilter / iptables has the following optio: [!] -f, --fragment This means that the rule only refers to second and further fragments of fragmented packets. Since there is no way to tell the source or destination ports of such a packet (or ICMP type), such a packet will not match any rules which specify them. When the "!" argument precedes the "-f" flag, the rule will only match head fragments, or unfragmented packets. I have a rule at the beginning: iptables -A INPUT -f -j DROP So all my firewall boxes and any I have setup for other companies DROP fragmented packets. Michael. On Sun, 14 Dec 2003 10:24:55 +0100 (CET) Michal Zalewski <lcamtuf () ghettot org> wrote:
On Sat, 13 Dec 2003, Michael Gale wrote:Well then .. I am happy that non of the firewalls I use accept or pass fragments packets.I would be willing to assume you are confused. Can you provide any references that would confirm this observation? -- ------------------------- bash$ :(){ :|:&};: -- Michal Zalewski * [http://lcamtuf.coredump.cx] Did you know that clones never use mirrors? --------------------------- 2003-12-14 10:24 -- http://lcamtuf.coredump.cx/photo/current/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: A new TCP/IP blind data injection technique?, (continued)
- Re: A new TCP/IP blind data injection technique? Stephen Frost (Dec 12)
- Re: A new TCP/IP blind data injection technique? Jeff Kell (Dec 12)
- Re: A new TCP/IP blind data injection technique? Valdis . Kletnieks (Dec 11)
- Re: A new TCP/IP blind data injection technique? Mikael Abrahamsson (Dec 11)
- RE: A new TCP/IP blind data injection technique? David Gillett (Dec 11)
- Re: A new TCP/IP blind data injection technique? Michael Gale (Dec 13)
- Re: A new TCP/IP blind data injection technique? Michal Zalewski (Dec 13)
- Re: A new TCP/IP blind data injection technique? Valdis . Kletnieks (Dec 13)
- Re: A new TCP/IP blind data injection technique? Michael Gale (Dec 13)
- Re: A new TCP/IP blind data injection technique? Michal Zalewski (Dec 14)
- Re: A new TCP/IP blind data injection technique? Michael Gale (Dec 15)
- Re: A new TCP/IP blind data injection technique? Michal Zalewski (Dec 15)
- Re: A new TCP/IP blind data injection technique? Michael Gale (Dec 15)
- Breaking the checksum (a new TCP/IP blind data injection technique) Michal Zalewski (Dec 14)