The router's that would drop the packet based on the 1.1.1.1 src address are the one's that have anti-ip-spoofing ACL's installed, which (unfornately) not all have. Since the oshare packet's have invalid checksums for the IP header, that is a more concrete reason of why routers drop them (in all my tests), obeying to the Router requirements RFC. Router's tested: Cisco, Ascend, and Linux 2.0.36 with ip-forwarding. Cristiano Lincoln Mattos Recife / Brazil On Wed, 3 Feb 1999, Jeff Roberson wrote: > The ethernet adapter is on a completely different layer from IP, so I > doubt the netcard has much to do with the attack. Also, I notice in the > original email, the author claims that the attack wont work if your not > on the same segment. This is simply because the packet's source address is > 1.1.1.1, so most routers will drop this packet. Finally, could > people be more specific when they post about crashes? By this I mean, > what patches they have installed, what network protocols/services/and > adapters they have? This information might be usefull in understanding > who this bug really affects. > > Jeff
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:32:51 PDT