Mailinglist Archive: opensuse-security (487 mails)
Re: [suse-security] New TCP-stack-exploit a hoax
- From: "GentooRulez" <paranoiac_user@xxxxxxxxxx>
- Date: Fri, 18 Oct 2002 12:53:53 +0200
- Message-id: <000501c27694$a682e9f0$2464a8c0@pc10032>
>> That's not what I asked. Assuming conn-track works fine and my
>> ip-filter decides to drop the package. When will this take place?
>> Before defragmenting packet or with defragmented packets. The
>> last case means such an exploit would work.
>That's more than theoretical. If you do not know where the
>bug is (if there is one) then why make the assumption
>that part X is safe?
Simply because not the netfilter code was addressed to be buggy, but
the tcp "stack" implementation.
>It will probably only put you into a wrong feeling of security if such a
>bug really exists.
No, don't think so. That is why I asked that theoretical question which
is not answered until now. Will netfilter block such kind of packets when
an attacker tries to root my box??? Or are malicious packets handled
by the kernel before netfilter comes to inspect them???
>Who tells that such a fragmented packet does not belong to a connection
>at all? :) If you have a public webserver I guess it's easy to have
>fragmented packets for a tracked connection.
This is another possibility to get infected, but it doesn't affect e.g. vpn
router.
>Anyway, it's probably not necessary to discuss that if no one
>knows any details.
Don't think so. It's always good to talk about.
GTIF
Michael