[Nlnog] Kan weer leuk worden... NISCC Vulnerability Advisory ICMP
Sabri Berisha
sabri at cluecentral.net
Tue Apr 12 12:53:06 UTC 2005
On Tue, Apr 12, 2005 at 02:54:54PM +0200, G.J. Moed wrote:
> Zie verder:
> http://www.niscc.gov.uk/niscc/docs/al-20050412-00308.html?lang=en
532967/NISCC/ICMP/2
CVE number: CAN-2004-1060
In the case where a host complies with RFC 1191 ("Path MTU Discovery"),
it is possible to
use the blind connection-reset attack with a ICMP Type 3 Code 4 packet
and the addition of
the "next-hop MTU" field in the ICMP header set to a value of 68
(octets) to slow down the
transmission rate for traffic from the host.
Net even vluchtig doorgelezen. Dit is niet *zomaar* te doen aangezien
RFC1191 voorschrijft dat de header + eerste 64 bits van het originele
packet worden meegestuurd. Elke sane ip-stack zal daar op controleren.
--
Sabri Berisha, - CCNA, JNCIA #747
Internetworking Professional - +31 (0) 6 19890416
http://www.cluecentral.net - http://www.virt-ix.net
More information about the NLNOG
mailing list