El vie, 20 de 08 de 2004 a las 03:41, David Gillett escribiÃ:
-----Original Message-----
RFC 3128 - Protection Against a Variant of the Tiny Fragment Attack
I don't think I've seen this one, but I doubt there's a better
defence
than
"drop fragmented traffic". I will be surprised and fascinated if it
demonstrates
otherwise.
[Okay, I've read it now, and it basically just pokes a hole in one
of the
defences suggested in RFC 1858 -- it does nothing to extend the scope
to
include additional vulnerabilities inherent in packet reassembly.]
Martin MaÄok
IT Security Consultant
I don't understand really what's the problem with letting fragmented
packets to go into your firewall. A modern Operating System like
Linux acting as a firewall should reassembly even the most fragmented
packets, and for the ones it can't (suspicious traffic) the firewall
should have rules to drop them (like ACKs without SYN or fragments
without a corresponding SYN). I'm talking about a stateful firewall
obviously.
I'm quite interested in the subject so if you can tell me if I am
right or wrong (talking about Linux or similar modern operating
systems acting as firewalls) I would be very thankful.
--
Jose Maria Lopez Hernandez
Director Tecnico de bgSEC
jkerouac@bgsec.com
bgSEC Seguridad y Consultoria de Sistemas Informaticos
http://www.bgsec.com
ESPAÃA
The only people for me are the mad ones -- the ones who are mad to live,
mad to talk, mad to be saved, desirous of everything at the same time,
the ones who never yawn or say a commonplace thing, but burn, burn, burn
like fabulous yellow Roman candles.
-- Jack Kerouac, "On the Road"
