Arbor Networks DoS defense product
Johannes Ullrich
jullrich at euclidian.com
Fri May 17 17:55:59 UTC 2002
> > Unfortunately, things like TCP ECN and ICMP 'Frag Needed' are often considered
> > "funny packets".
> I know ECN etc have been used to evade firewalls but afaik have not been
> known in and of themselves to compromise or crash hosts or make them do
> any "funny things" besides dropping the packets outright.
>
> If you have information to the contrary please let me know.
The ECN bits have been used in the past to do OS finger printing.
Not a big issue IMHO, but some people don't like it.
--
--------------------------------------------------------------------
jullrich at euclidian.com Collaborative Intrusion Detection join http://www.dshield.org
More information about the NANOG
mailing list