RFC3514

Owen DeLong owen at delong.com
Tue Apr 1 17:22:22 UTC 2003


Hmmm.... Must be 4/1 again.

Owen


--On Tuesday, April 1, 2003 9:33 AM -0600 Jack Bates <jbates at brightok.net> wrote:

>
> Scott Francis wrote:
>> Comments?
>>
>> (Nice to see Mr. Bellovin keeping up the holiday tradition ... :))
> Yep.
>
> "   Fragments that by themselves are dangerous MUST have the evil bit
>     set.  If a packet with the evil bit set is fragmented by an
>     intermediate router and the fragments themselves are not dangerous,
>     the evil bit MUST be cleared in the fragments, and MUST be turned
>     back on in the reassembled packet."
>
> There are no guidelines for specifying how the router will determine if
> the fragments themselves are dangerous. An attacker may carefully design
> the evil packet with the expectation of fragmentation, allowing the
> fragments themselves to be the tool of the attack. It is therefore
> recommended that all fragments of a packet with the evil bit set should
> also have the evil bit set when fragmentation is performed by an
> intermediate router incapable of determining the dangerous nature of the
> packets.
>
>
> :)
>
> -Jack
>
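The quoted RFC text and Jack's objection turn on one detail of the IPv4 header: RFC 3514 claims the reserved high-order bit of the flags/fragment-offset word as the "evil bit", and fragmentation at an intermediate router has to decide what happens to that bit in each fragment. The following is an added example, not code from the thread or from the RFC; it assumes 20-byte headers with no options, a UDP protocol number, and constructed test packets, and it models a router that follows Jack's recommendation (every fragment inherits the bit) rather than the RFC's "clear it in harmless fragments" rule, since the router has no way to judge harmlessness:

```python
import struct

# IPv4 header layout, no options: version/IHL, TOS, total length, identification,
# flags+fragment offset, TTL, protocol, header checksum, source, destination.
HDR_FMT = "!BBHHHBBH4s4s"
HDR_LEN = struct.calcsize(HDR_FMT)  # 20

EVIL_BIT = 0x8000     # RFC 3514: the reserved high-order bit of the flags/offset word
DF_FLAG = 0x4000      # Don't Fragment
MF_FLAG = 0x2000      # More Fragments
OFFSET_MASK = 0x1FFF  # 13-bit fragment offset, in units of 8 octets

# Constructed, documentation-range addresses (RFC 5737), not real hosts.
SRC = bytes([192, 0, 2, 1])
DST = bytes([192, 0, 2, 2])


def ipv4_checksum(header: bytes) -> int:
    """One's-complement sum of 16-bit words; caller zeroes the checksum field first."""
    total = 0
    for i in range(0, len(header), 2):
        total += (header[i] << 8) | header[i + 1]
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_packet(payload: bytes, ident: int, flags_offset: int,
                 src: bytes = SRC, dst: bytes = DST) -> bytes:
    """Minimal IPv4 packet: 20-byte header with a valid checksum, then the payload."""
    fields = [0x45, 0, HDR_LEN + len(payload), ident, flags_offset, 64, 17, 0, src, dst]
    fields[7] = ipv4_checksum(struct.pack(HDR_FMT, *fields))
    return struct.pack(HDR_FMT, *fields) + payload


def header_checksum_ok(packet: bytes) -> bool:
    ihl = (packet[0] & 0x0F) * 4
    return ipv4_checksum(packet[:ihl]) == 0


def flags_offset(packet: bytes) -> int:
    return struct.unpack_from("!H", packet, 6)[0]


def evil_bit_set(packet: bytes) -> bool:
    """RFC 3514 check: is the reserved flag bit set on this packet?"""
    return bool(flags_offset(packet) & EVIL_BIT)


def fragment(packet: bytes, mtu: int) -> list[bytes]:
    """Fragment at an intermediate router that cannot judge fragment danger:
    every fragment inherits the evil bit from the original packet."""
    ihl = (packet[0] & 0x0F) * 4
    header, payload = packet[:ihl], packet[ihl:]
    fo = flags_offset(packet)
    if fo & DF_FLAG:
        raise ValueError("DF set: packet must not be fragmented")
    evil = fo & EVIL_BIT
    ident = struct.unpack_from("!H", header, 4)[0]
    src, dst = header[12:16], header[16:20]
    # All fragments but the last carry a payload that is a multiple of 8 octets.
    chunk = ((mtu - ihl) // 8) * 8
    frags = []
    for off in range(0, len(payload), chunk):
        piece = payload[off:off + chunk]
        more = MF_FLAG if off + chunk < len(payload) else 0
        frags.append(build_packet(piece, ident, evil | more | (off // 8), src, dst))
    return frags


def reassemble(frags: list[bytes]) -> bytes:
    """Reassemble at the destination; the evil bit is turned back on in the
    reassembled packet if any fragment carried it (RFC 3514's rule for reassembly)."""
    ordered = sorted(frags, key=lambda f: flags_offset(f) & OFFSET_MASK)
    payload = b"".join(f[(f[0] & 0x0F) * 4:] for f in ordered)
    evil = EVIL_BIT if any(evil_bit_set(f) for f in ordered) else 0
    first = ordered[0]
    ident = struct.unpack_from("!H", first, 4)[0]
    return build_packet(payload, ident, evil, first[12:16], first[16:20])


if __name__ == "__main__":
    pkt = build_packet(bytes(range(100)), 0x1234, EVIL_BIT)  # constructed 120-byte packet
    for f in fragment(pkt, 60):
        print(f"offset={flags_offset(f) & OFFSET_MASK:3d} MF={bool(flags_offset(f) & MF_FLAG)!s:5} "
              f"evil={evil_bit_set(f)} checksum_ok={header_checksum_ok(f)}")
```

With an MTU of 60 the 100-byte payload splits into three fragments (40, 40 and 20 bytes of payload at offsets 0, 5 and 10), each of which still reports the evil bit, and reassembling them yields the original packet byte for byte.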
