Great Circle Associates Firewalls
(March 1996)
 


Subject: Re: IP fragmentation attacks (was: Pentagon displays due respect...)
From: Paul Ferguson <pferguso @ cisco . com>
Date: Wed, 06 Mar 1996 10:48:09 -0500
To: Barney Wolff <barney @ databus . com>
Cc: Firewalls @ GreatCircle . COM

At 01:15 PM 3/5/96 EST, Barney Wolff wrote:

>>
>>At least two fragments are sent. (It may require a third.)
>>A) FO=0 length >= 16  [i.e. A complete header ]
>>B) FO=0, length 8 bytes [i.e. Ports & Sequence number only]

[snip]

>
>The key to defeating this is to drop fragment B.  While it is strictly
>speaking legal, in practice it's all but certain to be an attack and
>nothing is lost by dropping it.
>

Correct.  :-)

- paul

--
Paul Ferguson                                           ||        ||
Consulting Engineering                                  ||        ||
Reston, Virginia   USA                                 ||||      ||||
tel: +1.703.716.9538                               ..:||||||:..:||||||:..
e-mail: pferguso @ cisco . com                        c i s c o S y s t e m s
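
The filter rule agreed on in this message (drop fragment B), as an added example that is not part of the original post. The function names, the sample addresses and the constructed test packets are assumptions made for illustration; the 16-byte threshold is the "complete header" length quoted in the message.

```python
import struct

IPPROTO_TCP = 6
# Threshold from the quoted text: a first fragment (FO=0) carrying fewer
# than 16 bytes of TCP is treated as the hostile "fragment B".
MIN_FIRST_TCP_FRAG = 16


def build_ipv4(frag_off_units, more_frags, payload, proto=IPPROTO_TCP):
    """Constructed sample packet: 20-byte IPv4 header (checksum 0) + payload.

    frag_off_units is the raw Fragment Offset field (units of 8 bytes).
    Addresses are documentation ranges, chosen for this example only.
    """
    flags_fo = (0x2000 if more_frags else 0) | (frag_off_units & 0x1FFF)
    header = struct.pack(
        "!BBHHHBBH4s4s",
        0x45, 0, 20 + len(payload), 0x1234, flags_fo, 64, proto, 0,
        bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]),
    )
    return header + payload


def verdict(packet):
    """Return 'drop' or 'pass' for one raw IPv4 packet."""
    if len(packet) < 20:
        return "drop"  # not even a full IPv4 header
    ver_ihl, _tos, total_len, _ident, flags_fo, _ttl, proto = struct.unpack(
        "!BBHHHBB", packet[:10]
    )
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or total_len < ihl or total_len > len(packet):
        return "drop"  # malformed or truncated header
    frag_off = flags_fo & 0x1FFF          # Fragment Offset (FO)
    transport_len = total_len - ihl       # bytes of TCP carried here
    # The rule itself: FO=0 but too short to hold the header fields a
    # filter inspects. Legal in the strict sense, dropped in practice.
    if proto == IPPROTO_TCP and frag_off == 0 and transport_len < MIN_FIRST_TCP_FRAG:
        return "drop"
    return "pass"
```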

