[Nlnog] Kan weer leuk worden... NISCC Vulnerability Advisory ICMP
G.J. Moed
gjmoed at xenosite.net
Tue Apr 12 14:44:44 UTC 2005
Het duurde even voor dat ie er stond:
http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.shtml
Sabri Berisha wrote:
> On Tue, Apr 12, 2005 at 02:54:54PM +0200, G.J. Moed wrote:
>
>
>>Zie verder:
>>http://www.niscc.gov.uk/niscc/docs/al-20050412-00308.html?lang=en
>
>
> 532967/NISCC/ICMP/2
> CVE number: CAN-2004-1060
>
> In the case where a host complies with RFC 1191 ("Path MTU Discovery"),
> it is possible to
> use the blind connection-reset attack with a ICMP Type 3 Code 4 packet
> and the addition of
> the "next-hop MTU" field in the ICMP header set to a value of 68
> (octets) to slow down the
> transmission rate for traffic from the host.
>
> Net even vluchtig doorgelezen. Dit is niet *zomaar* te doen aangezien
> RFC1191 voorschrijft dat de header + eerste 64 bits van het originele
> packet worden meegestuurd. Elke sane ip-stack zal daar op controleren.
>
More information about the NLNOG
mailing list