[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-Disclosure] A new TCP/IP blind data injection technique?
- To: full-disclosure@lists.netsys.com
- Subject: Re: [Full-Disclosure] A new TCP/IP blind data injection technique?
- From: Michael Gale <michael@bluesuperman.com>
- Date: Sat, 13 Dec 2003 08:40:37 -0700
Well then .. I am happy that non of the firewalls I use accept or pass
fragments packets.
Michael.
On Sat, 13 Dec 2003 15:04:10 -0500
Valdis.Kletnieks@vt.edu wrote:
> On Sat, 13 Dec 2003 03:35:25 MST, Michael Gale
> <michael@bluesuperman.com> said:
>
> > For example the BorderWare Firewall will not accept fragmented
> > packets, they are working on a firewall function that when
> > fragmented packets arrive. It will save the first piece plus all
> > frags until the final one is received. But the packet back together
> > and do a sanity check of some sort. Then pass or drop the packet.
>
> So the problem is that the host may re-assemble a fragmented packet
> with injected data in it.
>
> And we protect against it by.... you got it.. having the firewall
> re-assemble the fragmented packet with injected data and then handing
> the re-assembled full packet (with injected data) to the host.
>
> Whoops.
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html