[12726] in bugtraq
Re: BindView Security Advisory: SSR Denial of Service
daemon@ATHENA.MIT.EDU (Alan Cox)
Fri Nov 26 01:25:04 1999
Content-Type: text
Message-Id: <E11qnTP-0007CQ-00@the-village.bc.nu>
Date: Thu, 25 Nov 1999 01:13:22 +0000
Reply-To: Alan Cox <alan@LXORGUK.UKUU.ORG.UK>
From: Alan Cox <alan@LXORGUK.UKUU.ORG.UK>
X-To: advisory+ssrdos@BOS.BINDVIEW.COM
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <000201bf36cd$7e5ec980$c4b04bcf@blake> from "BindView Security
Advisory" at Nov 24, 99 05:44:40 pm
> The danger in this problem arises from the fact that many perimeter defenses
> (firewalls) permit ICMP through, which means that remote, anonymous
> attackers
Note that perimiter firewalls that don't let some ICMP through are broken
(If anyone from certain large search/net companies beginning with A and Y are
listening....). With return ICMP must fragment messages blocked the host
isnt properly accessible (in many cases not accessible at all) over lower
MTU paths like secure tunnels, groups of machines behind low mtu ppp links
etc.
A perimiter firewall can (and probably should) do stateful checking of the
ICMPs perhaps with rate limiting too.
Alan
