Re: BindView Security Advisory: SSR Denial of Service

From: Alan Cox (alanat_private)
Date: Wed Nov 24 1999 - 17:13:22 PST

Next message: Swen Persson: "(no subject)"

Previous message: Gerardo Richarte: "Re: WordPad/riched20.dll buffer overflow"
Maybe in reply to: BindView Security Advisory: "BindView Security Advisory: SSR Denial of Service"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> The danger in this problem arises from the fact that many perimeter defenses
> (firewalls) permit ICMP through, which means that remote, anonymous
> attackers

Note that perimiter firewalls that don't let some ICMP through are broken
(If anyone from certain large search/net companies beginning with A and Y are
listening....). With return ICMP must fragment messages blocked the host
isnt properly accessible (in many cases not accessible at all) over lower
MTU paths like secure tunnels, groups of machines behind low mtu ppp links
etc.

A perimiter firewall can (and probably should) do stateful checking of the
ICMPs perhaps with rate limiting too.

Alan

Next message: Swen Persson: "(no subject)"
Previous message: Gerardo Richarte: "Re: WordPad/riched20.dll buffer overflow"
Maybe in reply to: BindView Security Advisory: "BindView Security Advisory: SSR Denial of Service"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:14:17 PDT