Firewall stateful handling of ICMP packets

Valdis.Kletnieks at vt.edu Valdis.Kletnieks at vt.edu
Thu Dec 4 03:53:51 UTC 2003


On Wed, 03 Dec 2003 15:57:37 PST, Owen DeLong <owen at delong.com>  said:

> around.  (In fact, I'm hard pressed to imagine how a Frag needed packet
> for an invalid session could do much of anything).

You can use a forged 'frag needed' to stomp an existing connection of the
victim's down to 64 byte MTU or similar silliness, but other than sheer
"it's a packet" DDoS effects, I can't think of a malicious use for one for
an invalid session either....
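
A stateful check for the case discussed in this message, as an added example that is not part of the original post: a 'frag needed' (ICMP type 3, code 4) is accepted only if the packet it quotes belongs to a tracked TCP session, its sequence number is still in flight (the test RFC 5927 recommends), and the advertised MTU is not absurdly small. The flow-table layout, the function names and the `MIN_MTU` floor of 576 are assumptions for illustration; ICMP checksum verification is left out, and the sample packets are constructed.

```python
import socket
import struct

MIN_MTU = 576  # assumed policy floor; a smaller advertised next-hop MTU is rejected

def build_frag_needed(src, sport, dst, dport, seq, mtu):
    """Construct a sample ICMP type 3 code 4 message quoting a TCP segment (test data)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 1500, 0, 0x4000, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    tcp8 = struct.pack("!HHI", sport, dport, seq)  # first 8 bytes of the TCP header
    return struct.pack("!BBHHH", 3, 4, 0, 0, mtu) + ip + tcp8

def check_frag_needed(icmp, flows):
    """Return (verdict, reason) for an ICMP message.

    flows maps (src, sport, dst, dport) of an outbound TCP flow to
    (snd_una, snd_nxt), the range of sequence numbers not yet acknowledged.
    """
    if len(icmp) < 8:
        return "drop", "truncated"
    icmp_type, code, _csum, _unused, mtu = struct.unpack("!BBHHH", icmp[:8])
    if (icmp_type, code) != (3, 4):
        return "pass", "not frag-needed"  # other ICMP is handled elsewhere
    inner = icmp[8:]  # quoted IP header plus at least 8 payload bytes
    ihl = (inner[0] & 0x0F) * 4 if inner else 0
    if ihl < 20 or inner[0] >> 4 != 4 or len(inner) < ihl + 8:
        return "drop", "bad quoted header"
    if inner[9] != 6:
        return "pass", "quoted packet is not TCP"
    src, dst = socket.inet_ntoa(inner[12:16]), socket.inet_ntoa(inner[16:20])
    sport, dport, seq = struct.unpack("!HHI", inner[ihl:ihl + 8])
    state = flows.get((src, sport, dst, dport))
    if state is None:
        return "drop", "no matching session"
    snd_una, snd_nxt = state
    # Modular comparison so the test survives 32-bit sequence wraparound.
    if (seq - snd_una) % 2**32 >= (snd_nxt - snd_una) % 2**32:
        return "drop", "quoted sequence not in flight"
    if mtu < MIN_MTU:
        return "drop", "next-hop MTU below floor"
    return "accept", "matches session"
```
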