Re: [Full-Disclosure] A new TCP/IP blind data injection technique?

From: Michael Gale (michael_at_bluesuperman.com)
Date: 12/13/03

  • Next message: Valdis.Kletnieks_at_vt.edu: "Re: [Full-Disclosure] A new TCP/IP blind data injection technique?"
    To: full-disclosure@lists.netsys.com
    Date: Sat, 13 Dec 2003 08:40:37 -0700
    
    

    Well then .. I am happy that non of the firewalls I use accept or pass
    fragments packets.

    Michael.

    On Sat, 13 Dec 2003 15:04:10 -0500
    Valdis.Kletnieks@vt.edu wrote:

    > On Sat, 13 Dec 2003 03:35:25 MST, Michael Gale
    > <michael@bluesuperman.com> said:
    >
    > > For example the BorderWare Firewall will not accept fragmented
    > > packets, they are working on a firewall function that when
    > > fragmented packets arrive. It will save the first piece plus all
    > > frags until the final one is received. But the packet back together
    > > and do a sanity check of some sort. Then pass or drop the packet.
    >
    > So the problem is that the host may re-assemble a fragmented packet
    > with injected data in it.
    >
    > And we protect against it by.... you got it.. having the firewall
    > re-assemble the fragmented packet with injected data and then handing
    > the re-assembled full packet (with injected data) to the host.
    >
    > Whoops.
    >

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html


  • Next message: Valdis.Kletnieks_at_vt.edu: "Re: [Full-Disclosure] A new TCP/IP blind data injection technique?"