nanog mailing list archives

Re: Arbor Networks DoS defense product

From: "Johannes Ullrich" <jullrich () euclidian com>
Date: Fri, 17 May 2002 13:55:59 -0400

Unfortunately, things like TCP ECN and ICMP 'Frag Needed' are often considered
"funny packets".

I know ECN etc have been used to evade firewalls but afaik have not been 
known in and of themselves to compromise or crash hosts or make them do 
any "funny things" besides dropping the packets outright.

If you have information to the contrary please let me know.


The ECN bits have been used in the past to do OS finger printing.
Not a big issue IMHO, but some people don't like it.


-- 
--------------------------------------------------------------------
jullrich () euclidian com             Collaborative Intrusion Detection                                               
join http://www.dshield.org

Current thread:

Re: Arbor Networks DoS defense product, (continued)
- - - Re: Arbor Networks DoS defense product mval (May 16)
    - Re: Arbor Networks DoS defense product Scott Francis (May 16)
    - Re: Arbor Networks DoS defense product Scott Francis (May 16)
    - Message not available
    - Message not available
    - Message not available
    - Re: Arbor Networks DoS defense product Clayton Fiske (May 15)
    - Re: Arbor Networks DoS defense product PJ (May 15)
    - Re: Arbor Networks DoS defense product Clayton Fiske (May 15)
    - Re: Arbor Networks DoS defense product E.B. Dreger (May 15)
- Re: Arbor Networks DoS defense product Dan Hollis (May 16)
  - Re: Arbor Networks DoS defense product Valdis . Kletnieks (May 17)
    - Re: Arbor Networks DoS defense product Dan Hollis (May 17)
    - Re: Arbor Networks DoS defense product Johannes Ullrich (May 17)
  - Re: Arbor Networks DoS defense product Scott Francis (May 17)
- Re: Arbor Networks DoS defense product Dan Hollis (May 17)
  - Re: Arbor Networks DoS defense product Scott Francis (May 17)
- Re: Arbor Networks DoS defense product Dan Hollis (May 17)
  - Re: Arbor Networks DoS defense product Scott Francis (May 17)
    - Message not available
    - Re: "portscans" (was Re: Arbor Networks DoS defense product) Scott Francis (May 18)
    - Re: "portscans" (was Re: Arbor Networks DoS defense product) Henry Yen (May 18)
    - Message not available
    - Re: "portscans" (was Re: Arbor Networks DoS defense product) Scott Francis (May 18)
    - Re: "portscans" (was Re: Arbor Networks DoS defense product) Ralph Doncaster (May 18)
    - Re[2]: "portscans" (was Re: Arbor Networks DoS defense product) Allan Liska (May 18)

(Thread continues...)