On Mon, Feb 21, 2000 at 02:36:17PM -0800, Vern Paxson wrote:
> > LigerTeam, strongly propose inserting of
> > solution code before the computing of flag
> > variable.
> >
> >         flag = flags & 0x3f;
>
> Otherwise you are still vulnerable to attackers setting legitimate flags
> in bogus combinations, such as adding URG to a SYN.

Also, since the valid TCP flag combinations are fixed and just ~13, at the
cost of some overhead you can simply allow only these. An example is the
ipt_unclean netfilter module.

For LigerTeam: this is a known problem, please don't claim you have
discovered it (see BUGTRAQ archive).

antirez

-- 
Salvatore Sanfilippo, Open Source Developer, Linuxcare Italia spa
+39.049.8024648 tel, +39.049.8036484 fax
antirezat_private, http://www.linuxcare.com/
Linuxcare. Support for the revolution.
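Added example, not part of the original message and not the ipt_unclean source: the masking step quoted above next to the allowlist check the reply suggests. The 13-entry combination list and the names mask_flags and tcp_flags_valid are assumptions of this sketch; the sample flag bytes are constructed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* TCP flag bits: the low six bits of TCP header byte 13. */
enum { TH_FIN = 0x01, TH_SYN = 0x02, TH_RST = 0x04,
       TH_PUSH = 0x08, TH_ACK = 0x10, TH_URG = 0x20 };

/* Illustrative allowlist (an assumption of this example; tune per policy). */
static const uint8_t valid_flag_sets[] = {
    TH_SYN,                    TH_SYN | TH_ACK,
    TH_RST,                    TH_RST | TH_ACK,
    TH_RST | TH_ACK | TH_PUSH, TH_ACK,
    TH_ACK | TH_PUSH,          TH_ACK | TH_URG,
    TH_ACK | TH_URG | TH_PUSH, TH_FIN | TH_ACK,
    TH_FIN | TH_ACK | TH_PUSH, TH_FIN | TH_ACK | TH_URG,
    TH_FIN | TH_ACK | TH_URG | TH_PUSH,
};

/* The masking step quoted in the thread: clears only the two high bits. */
uint8_t mask_flags(uint8_t flags)
{
    return flags & 0x3f;
}

/* Accept only if the masked flags equal one allowlisted combination. */
bool tcp_flags_valid(uint8_t flags)
{
    uint8_t f = mask_flags(flags);
    for (size_t i = 0; i < sizeof valid_flag_sets; i++)
        if (valid_flag_sets[i] == f)
            return true;
    return false;
}

int main(void)
{
    /* Constructed sample flag bytes, not captured traffic. */
    const uint8_t samples[] = { 0x02, 0x12, 0x22, 0x03, 0x00, 0x3f, 0xc2 };
    for (size_t i = 0; i < sizeof samples; i++)
        printf("flags=0x%02x masked=0x%02x %s\n", (unsigned)samples[i],
               (unsigned)mask_flags(samples[i]),
               tcp_flags_valid(samples[i]) ? "accept" : "drop");
    return 0;
}
```

SYN plus URG (0x22) passes through the mask unchanged but is dropped by the allowlist, which is the gap pointed out in the quoted reply.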
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:36:45 PDT