Re: [Full-Disclosure] A new TCP/IP blind data injection technique?
From: Michael Gale (michael_at_bluesuperman.com)
To: firstname.lastname@example.org Date: Sat, 13 Dec 2003 08:40:37 -0700
Well then .. I am happy that non of the firewalls I use accept or pass
On Sat, 13 Dec 2003 15:04:10 -0500
> On Sat, 13 Dec 2003 03:35:25 MST, Michael Gale
> <email@example.com> said:
> > For example the BorderWare Firewall will not accept fragmented
> > packets, they are working on a firewall function that when
> > fragmented packets arrive. It will save the first piece plus all
> > frags until the final one is received. But the packet back together
> > and do a sanity check of some sort. Then pass or drop the packet.
> So the problem is that the host may re-assemble a fragmented packet
> with injected data in it.
> And we protect against it by.... you got it.. having the firewall
> re-assemble the fragmented packet with injected data and then handing
> the re-assembled full packet (with injected data) to the host.
Full-Disclosure - We believe in it.