Firewall stateful handling of ICMP packets
Valdis.Kletnieks at vt.edu
Valdis.Kletnieks at vt.edu
Thu Dec 4 03:53:51 UTC 2003
On Wed, 03 Dec 2003 15:57:37 PST, Owen DeLong <owen at delong.com> said:
> around. (In fact, I'm hard pressed to imagine how a Frag needed packet
> for an invalid session could do much of anything).
You can use a forged 'frag needed' to stomp an existing connection of the
victim's down to 64 byte MTU or similar silliness, but other than sheer
"it's a packet" DDoS effects, I can't think of a malicious use for one for
an invalid session either....
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 226 bytes
Desc: not available
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20031203/c56c2306/attachment.sig>
More information about the NANOG
mailing list