Great Circle Associates Firewalls
(March 1996)
 


Subject: Re: Pentagon displays due respect for hackers
From: Darren Reed <avalon @ coombs . anu . edu . au>
Date: Fri, 1 Mar 1996 20:35:03 +1100 (EDT)
To: sgcccdc @ citec . qld . gov . au (Colin Campbell)
Cc: darrell @ teleport . com, firewalls @ GreatCircle . COM
In-reply-to: <199602282357 . JAA03770 @ guru . citec . qld . gov . au> from "Colin Campbell" at Feb 29, 96 09:57:23 am

In some mail from Colin Campbell, sie said:
> 
> My mailer thinks Darrell Fuhriman said:
> > 
> > > > ... ip fragmentation attacks,
> > > 
> > > Wozzat?
> > 
> > Fragment the IP packet so the addresses are in different packets, as well as
> > the port number.  The router can't buffer them, and can't filter
> > them until it knows all the information.  So, it lets them through.  And
> > since most firewalls only block on the SYN... tada.. open connection.
> 
> So, if I run input filters only, I am susceptible to this attack. Correct?

Possibly.  Most vendors/implementations patched this - eventually.
Make sure you understand how it is handled.

> I take it, then, that output filters kill this attack to other hosts but the
> router is still susceptible since the packet never makes it to the output
> filters?

No, if your output filter drops the packet, it becomes an IP spoofing attack
problem (guess the TCP ISS value in the reply you don't see).

darren
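
The filter-side handling discussed in this thread, as an added example that is not part of the original message or of any vendor's code: a stateless check applied to TCP fragments before the normal port/SYN rules. The two rules and the 16-byte minimum follow RFC 1858, which the thread does not cite; the function names and the sample packets are constructed for illustration.

```python
import struct

TCP = 6
TMIN = 16  # assumption from RFC 1858: bytes of TCP header that cover ports and flags

def build_ipv4(proto, frag_off_units, more_frags, payload):
    """Constructed test input: 20-byte IPv4 header (checksum left 0) plus payload."""
    flags_frag = (0x2000 if more_frags else 0) | (frag_off_units & 0x1FFF)
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 1,
                      flags_frag, 64, proto, 0,
                      bytes([192, 0, 2, 1]), bytes([198, 51, 100, 1]))
    return hdr + payload

def fragment_verdict(packet):
    """Return 'drop', or 'continue' to hand the packet to the port/SYN rules."""
    if len(packet) < 20:
        return "drop"                      # not even a full IPv4 header
    ver_ihl, _, total_len, _, flags_frag, _, proto = struct.unpack(
        "!BBHHHBB", packet[:10])
    ihl = (ver_ihl & 0x0F) * 4             # header length in bytes
    if ver_ihl >> 4 != 4 or ihl < 20 or total_len < ihl or total_len > len(packet):
        return "drop"                      # malformed or truncated
    if proto != TCP:
        return "continue"
    frag_off = flags_frag & 0x1FFF         # fragment offset, in 8-byte units
    transport_len = total_len - ihl
    if frag_off == 0 and transport_len < TMIN:
        return "drop"                      # first fragment hides the flags byte
    if frag_off == 1:
        return "drop"                      # would carry or overwrite bytes 8..15
    # Later fragments carry no header fields the filter needs; they cannot be
    # reassembled at the destination if the first fragment was dropped.
    return "continue"
```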
