RFC3514
Owen DeLong
owen at delong.com
Tue Apr 1 17:22:22 UTC 2003
Hmmm.... Must be 4/1 again.
Owen
--On Tuesday, April 1, 2003 9:33 AM -0600 Jack Bates <jbates at brightok.net> wrote:
>
> Scott Francis wrote:
>> Comments?
>>
>> (Nice to see Mr. Bellovin keeping up the holiday tradition ... :))
> Yep.
>
> " Fragments that by themselves are dangerous MUST have the evil bit
> set. If a packet with the evil bit set is fragmented by an
> intermediate router and the fragments themselves are not dangerous,
> the evil bit MUST be cleared in the fragments, and MUST be turned
> back on in the reassembled packet."
>
> There are no guidelines for specifying how the router will determine if
> the fragments themselves are dangerous. An attacker may carefully design
> the evil packet with the expectation of fragmentation, allowing the
> fragments themselves to be the tool of the attack. It is therefore
> recommended that all fragments of a packet with the evil bit set should
> also have the evil bit set when fragmentation is performed by an
> intermediate router incapable of determining the dangerous nature of the
> packets.
>
>
> :)
>
> -Jack
>
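As an added illustration of the fragmentation rule Jack proposes (example code, not from the thread or from RFC 3514 itself): a minimal IPv4 header builder that reads the reserved high-order bit of the flags/fragment-offset field, keeps it set on every fragment of an "evil" packet, and turns it back on at reassembly. The addresses, identification value and payload are constructed placeholders.

```python
import struct

EVIL = 0x8000         # reserved high-order bit of the flags/fragment-offset field (RFC 3514's evil bit)
MF = 0x2000           # More Fragments flag
OFFSET_MASK = 0x1FFF  # 13-bit fragment offset, in 8-byte units

def checksum(header: bytes) -> int:
    """Standard IPv4 header checksum: one's-complement sum of 16-bit words (checksum field must be zero)."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def rewrite_header(hdr: bytes, total_len: int, flags_frag: int) -> bytes:
    """Copy a 20-byte header with new length and flags/offset, then recompute the checksum."""
    new = hdr[:2] + struct.pack("!H", total_len) + hdr[4:6] + struct.pack("!H", flags_frag)
    new += hdr[8:10] + b"\x00\x00" + hdr[12:]
    return new[:10] + struct.pack("!H", checksum(new)) + new[12:]

def build_packet(payload: bytes, evil: bool, ident: int = 1) -> bytes:
    """Constructed sample: minimal 20-byte IPv4 header (UDP, TTL 64) + payload; placeholder addresses."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), ident, 0, 64, 17, 0,
                      bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    return rewrite_header(hdr, 20 + len(payload), EVIL if evil else 0) + payload

def evil_bit_set(pkt: bytes) -> bool:
    return bool(struct.unpack("!H", pkt[6:8])[0] & EVIL)

def fragment(pkt: bytes, mtu: int) -> list:
    """Fragment per Jack's recommendation: every fragment of an evil packet keeps the evil bit set."""
    hdr, payload = pkt[:20], pkt[20:]
    chunk = (mtu - 20) // 8 * 8      # fragment payload sizes must be multiples of 8 bytes
    evil = struct.unpack("!H", hdr[6:8])[0] & EVIL
    frags = []
    for off in range(0, len(payload), chunk):
        piece = payload[off:off + chunk]
        more = MF if off + chunk < len(payload) else 0
        frags.append(rewrite_header(hdr, 20 + len(piece), evil | more | (off // 8)) + piece)
    return frags

def reassemble(frags: list) -> bytes:
    """Reassemble by offset; the evil bit MUST be turned back on if any fragment carried it."""
    frags = sorted(frags, key=lambda f: struct.unpack("!H", f[6:8])[0] & OFFSET_MASK)
    payload = b"".join(f[20:] for f in frags)
    evil = EVIL if any(evil_bit_set(f) for f in frags) else 0
    return rewrite_header(frags[0][:20], 20 + len(payload), evil) + payload
```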