[47875] in North American Network Operators' Group
Re: Arbor Networks DoS defense product
daemon@ATHENA.MIT.EDU (Johannes Ullrich)
Fri May 17 13:59:05 2002
Date: Fri, 17 May 2002 13:55:59 -0400
Message-Id: <20020517135559.0e9c7c66.jullrich@euclidian.com>
From: "Johannes Ullrich" <jullrich@euclidian.com>
To: "Dan Hollis" <goemon@anime.net>
Cc: Valdis.Kletnieks@vt.edu, nanog@merit.edu
In-Reply-To: <Pine.LNX.4.44.0205171050350.5947-100000@sasami.anime.net>
> > Unfortunately, things like TCP ECN and ICMP 'Frag Needed' are often considered
> > "funny packets".
> I know ECN etc have been used to evade firewalls but afaik have not been
> known in and of themselves to compromise or crash hosts or make them do
> any "funny things" besides dropping the packets outright.
>
> If you have information to the contrary please let me know.
The ECN bits have been used in the past to do OS fingerprinting.
Not a big issue IMHO, but some people don't like it.
--
--------------------------------------------------------------------
jullrich@euclidian.com Collaborative Intrusion Detection join http://www.dshield.org