Re: Potential crafted packets vulnerability in firewalls

From:
Date: 11/05/02


Date: 5 Nov 2002 19:58:41 GMT

Joe <joe@jretrading.com> wrote:
> There is an INVALID state test. e.g.:

> iptables -A INPUT -m state --state INVALID -j badpacket

> Are there any invalid flag combinations that this doesn't pick up?

I always thought that the check to see if a packet was ESTABLISHED or
RELATED was more complicated than just checking the tcp flags to see if
they match. Doesn't it also do some sort of check on other fields of the
tcp/ip header?

Also, is INVALID even a list of tcp flags that aren't accepted, or does it
check if it matches ESTABLISHED, NEW, and RELATED first, and if not it is
considered INVALID?

Thanks,
Scott



Relevant Pages

  • Re: Potential crafted packets vulnerability in firewalls
    ... >> There is an INVALID state test. ... >Also, is INVALID even a list of tcp flags that aren't accepted, or does it ... connections which have been initiated by a proper SYN handshake. ...
    (comp.os.linux.security)
  • Re: SLAB_LEVEL_MASK question
    ... other combinations are invalid. ... The only legal values for the flags ... send the line "unsubscribe linux-kernel" in ... Please read the FAQ at http://www.tux.org/lkml/ ...
    (Linux-Kernel)
  • Problems with hdparm
    ... In a root console, I ran hdparm with no flags, and got this: ... HDIO_GET_MULTCOUNT failed: Invalid argument ... I'm running a patched 2.4.20 kernel if that's any help. ... Cam Ellison Ph.D. R.Psych. ...
    (Debian-User)
  • Re: Need to add C flag when building a CPAN module
    ... > the list of C compiler flags that is ... > part of the Perl installation. ... (reverse each component and remove .invalid for email address) ...
    (comp.lang.perl.misc)