Re: [suse-security] New TCP-stack-exploit a hoax
BTW. If i've a stateful inspection of my ip-packets and drop all packets not related to a connection i established such fragmented packets mentioned should not care me ?!? OR am i FALSE ??
Why? Connection-tracking could be buggy too? ;-)
Thats not what a asked. Assuming conn-track works fine and my ip-filter decides to drop the package. When will this take place ? Before defragmenting packet or with defragmented packets,. The last case means such an exploit would work. greetingz Michael
BTW. If i've a stateful inspection of my ip-packets and drop all packets not related to a connection i established such fragmented packets mentioned should not care me ?!? OR am i FALSE ??
Why? Connection-tracking could be buggy too? ;-)
Thats not what a asked. Assuming conn-track works fine and my ip-filter decides to drop the package. When will this take place ? Before defragmenting packet or with defragmented packets,. The last case means such an exploit would work. Thats more than theoretical. If you do not know where the bug is (if there is one) then why making the assumption
On Fri, 18 Oct 2002, GentooRulez wrote: that part X is safe? It will probably only put you into wrong feeling of security if such a bug really exists. Who tells that such a fragmented packet does not belong to a connection at all? :) If you have a public webserver I guess its easy to have fragmented packets for a tracked connection. Anyway, its probably not necessary to discuss that if noone knows any details. S. -- ~ ~ perl self.pl ~ $_='print"\$_=\47$_\47;eval"';eval ~ krahmer@suse.de - SuSE Security Team ~
participants (2)
-
GentooRulez
-
Sebastian Krahmer