Re: [Full-Disclosure] A new TCP/IP blind data injection technique?
Date: Sat Dec 13 2003 - 14:04:10 CST
On Sat, 13 Dec 2003 03:35:25 MST, Michael Gale <michael@bluesuperman.com> said:
> For example the BorderWare Firewall will not accept fragmented packets,
> they are working on a firewall function that when fragmented packets
> arrive. It will save the first piece plus all frags until the final one
> is received. But the packet back together and do a sanity check of some
> sort. Then pass or drop the packet.
So the problem is that the host may re-assemble a fragmented packet with injected
data in it.
And we protect against it by.... you got it.. having the firewall re-assemble the
fragmented packet with injected data and then handing the re-assembled full
packet (with injected data) to the host.
Whoops.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
- application/pgp-signature attachment: stored
This archive was generated by hypermail 2.1.8 : Sun Dec 14 2003 - 02:01:01 CST
