[Nlnog] Kan weer leuk worden... NISCC Vulnerability Advisory ICMP

G.J. Moed gjmoed at xenosite.net
Tue Apr 12 14:44:44 UTC 2005


Het duurde even voor dat ie er stond:
http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.shtml

Sabri Berisha wrote:
> On Tue, Apr 12, 2005 at 02:54:54PM +0200, G.J. Moed wrote:
> 
> 
>>Zie verder: 
>>http://www.niscc.gov.uk/niscc/docs/al-20050412-00308.html?lang=en
> 
> 
>  532967/NISCC/ICMP/2
>  CVE number: CAN-2004-1060
> 
>  In the case where a host complies with RFC 1191 ("Path MTU Discovery"),
>  it is possible to
>  use the blind connection-reset attack with a ICMP Type 3 Code 4 packet
>  and the addition of
>  the "next-hop MTU" field in the ICMP header set to a value of 68
>  (octets) to slow down the
>  transmission rate for traffic from the host.
> 
> Net even vluchtig doorgelezen. Dit is niet *zomaar* te doen aangezien
> RFC1191 voorschrijft dat de header + eerste 64 bits van het originele
> packet worden meegestuurd. Elke sane ip-stack zal daar op controleren.
> 






More information about the NLNOG mailing list