[Nlnog] This could get fun again... NISCC Vulnerability Advisory ICMP

G.J. Moed gjmoed at xenosite.net
Tue Apr 12 13:08:04 UTC 2005


True,

but still:
Vendors affected: multiple
Operating Systems affected: multiple
Applications/Services affected: multiple

I'm curious ;-)
in other words, who doesn't have a 'sane' IP stack...


Sabri Berisha wrote:
> On Tue, Apr 12, 2005 at 02:54:54PM +0200, G.J. Moed wrote:
> 
> 
>>See also:
>>http://www.niscc.gov.uk/niscc/docs/al-20050412-00308.html?lang=en
> 
> 
>  532967/NISCC/ICMP/2
>  CVE number: CAN-2004-1060
> 
>  In the case where a host complies with RFC 1191 ("Path MTU Discovery"),
>  it is possible to use the blind connection-reset attack with a ICMP
>  Type 3 Code 4 packet and the addition of the "next-hop MTU" field in
>  the ICMP header set to a value of 68 (octets) to slow down the
>  transmission rate for traffic from the host.
> 
> Just skimmed through it. This isn't something you can *just* do, since
> RFC1191 prescribes that the header + first 64 bits of the original
> packet are sent along. Any sane IP stack will check for that.
> 
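
The check described in the quoted reply, as an added example that is not part of the original thread: a receiver validates an ICMP Type 3 Code 4 message against the quoted IP header and first 64 bits of the TCP segment before lowering its path MTU. It goes beyond the thread by also requiring the quoted sequence number to be in flight; the connection-table layout, the MIN_PMTU floor of 576 and the sample addresses and ports are assumptions.

```python
import struct

MIN_PMTU = 576  # assumed local policy floor, not from the thread (RFC 1191's lower bound is 68)
A, B = bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7])  # constructed addresses
# Assumed connection table: 4-tuple -> (snd_una, snd_nxt) of unacknowledged data
CONNS = {(A, 40000, B, 179): (1000, 5000)}

def check_frag_needed(icmp, conns):
    """Validate an ICMP message (bytes from the ICMP header on; checksum not verified)."""
    if len(icmp) < 8 + 20 + 8:
        return False, "truncated"
    typ, code, _cksum, _unused, mtu = struct.unpack("!BBHHH", icmp[:8])
    if (typ, code) != (3, 4):
        return False, "not type 3 code 4"
    inner = icmp[8:]  # quoted IP header + first 64 bits of the original payload
    ihl = (inner[0] & 0x0F) * 4
    if inner[0] >> 4 != 4 or ihl < 20 or len(inner) < ihl + 8:
        return False, "bad embedded IP header"
    if inner[9] != 6:
        return False, "embedded packet is not TCP"
    sport, dport, seq = struct.unpack("!HHI", inner[ihl:ihl + 8])
    state = conns.get((inner[12:16], sport, inner[16:20], dport))
    if state is None:
        return False, "no matching connection"
    snd_una, snd_nxt = state
    # Quoted sequence number must fall inside data we sent that is still unacknowledged
    if (seq - snd_una) % 2**32 >= (snd_nxt - snd_una) % 2**32:
        return False, "sequence not in flight"
    if mtu < MIN_PMTU:
        return False, "next-hop MTU below floor"
    return True, "ok"

def sample(seq, mtu):
    """Constructed type 3 code 4 message quoting one of our TCP segments."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 1500, 0, 0x4000, 64, 6, 0, A, B)
    return struct.pack("!BBHHH", 3, 4, 0, 0, mtu) + ip + struct.pack("!HHI", 40000, 179, seq)

if __name__ == "__main__":
    for seq, mtu in [(2000, 1400), (2000, 68), (9000, 68)]:
        print(seq, mtu, check_frag_needed(sample(seq, mtu), CONNS))
```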