[57258] in North American Network Operators' Group


RE: RFC3514

daemon@ATHENA.MIT.EDU (todd glassey)
Tue Apr 1 12:52:18 2003

From: "todd glassey" <todd.glassey@worldnet.att.net>
To: "Owen DeLong" <owen@delong.com>,
	"Jack Bates" <jbates@brightok.net>,
	"Scott Francis" <darkuncle@darkuncle.net>
Cc: <nanog@merit.edu>
Date: Tue, 1 Apr 2003 09:50:06 -0800
In-Reply-To: <2147483647.1049188942@imac-en0.delong.sj.ca.us>
Errors-To: owner-nanog-outgoing@merit.edu


No, the beauty of this is that it is declarative in nature.
That means that unless there is some law saying that this
transaction is different because it went over this protocol
as opposed to that one. And while Steve is clearly poking
fun at the concept that one protocol is different from
another, this is true and is becoming more so every day.
So this is not so out of touch, perhaps.

Todd Glassey

-----Original Message-----
From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of Owen DeLong
Sent: Tuesday, April 01, 2003 9:22 AM
To: Jack Bates; Scott Francis
Cc: nanog@merit.edu
Subject: Re: RFC3514



Hmmm.... Must be 4/1 again.

Owen


--On Tuesday, April 1, 2003 9:33 AM -0600 Jack Bates <jbates@brightok.net> wrote:

>
> Scott Francis wrote:
>> Comments?
>>
>> (Nice to see Mr. Bellovin keeping up the holiday tradition ... :))
> Yep.
>
> "   Fragments that by themselves are dangerous MUST have the evil bit
>     set.  If a packet with the evil bit set is fragmented by an
>     intermediate router and the fragments themselves are not dangerous,
>     the evil bit MUST be cleared in the fragments, and MUST be turned
>     back on in the reassembled packet."
>
> There are no guidelines specifying how the router will determine if
> the fragments themselves are dangerous. An attacker may carefully design
> the evil packet with the expectation of fragmentation, allowing the
> fragments themselves to be the tool of the attack. It is therefore
> recommended that all fragments of a packet with the evil bit set should
> also have the evil bit set when fragmentation is performed by an
> intermediate router incapable of determining the dangerous nature of the
> packets.
>
>
> :)
>
> -Jack
>
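
The fragmentation rule quoted from RFC 3514 above, and the variant Jack Bates proposes, can be made concrete. What follows is an added Python model written for this archive page; it is not code from the RFC, from the NANOG thread, or from any of the participants. It builds a minimal IPv4 header, reads and writes the reserved high-order bit of the flags/fragment-offset word (the bit RFC 3514 designates as the evil bit), and implements two fragmentation policies: the RFC's rule, where a fragment keeps the bit only if a classifier says it is dangerous, and the variant from the quoted message, where a router that cannot judge propagates the bit to every fragment. The `fragment_is_dangerous` hook is an assumed stand-in for the classifier the RFC does not specify, and all packets are constructed inline rather than captured from a network.

```python
import struct
from typing import Callable, List, Optional

# IPv4 header (RFC 791), fixed 20 bytes, no options. Bytes 6-7 hold the
# flags and fragment offset; the high-order bit of that word is the reserved
# flag, which RFC 3514 designates as the evil bit.
EVIL_BIT = 0x8000
DONT_FRAGMENT = 0x4000
MORE_FRAGMENTS = 0x2000
OFFSET_MASK = 0x1FFF

def checksum(data: bytes) -> int:
    """Ones'-complement sum over 16-bit words (the IP header checksum)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def _with_header(hdr: bytes, payload: bytes, word: int) -> bytes:
    """Copy hdr, set total length and the flags/offset word, refresh checksum."""
    h = bytearray(hdr[:20])
    h[2:4] = struct.pack("!H", 20 + len(payload))
    h[6:8] = struct.pack("!H", word)
    h[10:12] = b"\x00\x00"
    h[10:12] = struct.pack("!H", checksum(bytes(h)))
    return bytes(h) + payload

def build_ipv4(src: str, dst: str, payload: bytes, ident: int = 0x1234,
               flags_offset: int = 0, proto: int = 17, ttl: int = 64) -> bytes:
    """Build a minimal IPv4 datagram (constructed test data, not real traffic)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 0, ident, 0, ttl, proto, 0,
                      bytes(int(x) for x in src.split(".")),
                      bytes(int(x) for x in dst.split(".")))
    return _with_header(hdr, payload, flags_offset)

def flags_offset_word(pkt: bytes) -> int:
    return struct.unpack("!H", pkt[6:8])[0]

def is_evil(pkt: bytes) -> bool:
    return bool(flags_offset_word(pkt) & EVIL_BIT)

def header_checksum_ok(pkt: bytes) -> bool:
    """A valid header sums to zero once the checksum field is included."""
    return checksum(pkt[:20]) == 0

def set_evil(pkt: bytes, evil: bool) -> bytes:
    word = flags_offset_word(pkt)
    word = word | EVIL_BIT if evil else (word & ~EVIL_BIT) & 0xFFFF
    return _with_header(pkt[:20], pkt[20:], word)

def fragment(pkt: bytes, mtu: int,
             fragment_is_dangerous: Optional[Callable[[bytes], bool]] = None
             ) -> List[bytes]:
    """Split pkt so each piece fits mtu (non-final payloads are multiples of 8).

    With a classifier (assumed hook), the RFC 3514 rule applies: a fragment
    keeps the evil bit only if the classifier calls it dangerous. With None,
    meaning the router cannot judge, every fragment of an evil packet keeps
    the bit, which is the behaviour recommended in the quoted message.
    """
    word = flags_offset_word(pkt)
    if word & DONT_FRAGMENT:
        raise ValueError("DF set: cannot fragment")
    chunk = (mtu - 20) // 8 * 8
    if chunk <= 0:
        raise ValueError("MTU too small for any payload")
    hdr, payload = pkt[:20], pkt[20:]
    if len(payload) <= mtu - 20:
        return [pkt]
    base_offset, orig_mf, evil = word & OFFSET_MASK, word & MORE_FRAGMENTS, is_evil(pkt)
    frags = []
    for start in range(0, len(payload), chunk):
        piece = payload[start:start + chunk]
        last = start + len(piece) >= len(payload)
        w = base_offset + start // 8
        if not last or orig_mf:
            w |= MORE_FRAGMENTS
        if evil and (fragment_is_dangerous is None or fragment_is_dangerous(piece)):
            w |= EVIL_BIT
        frags.append(_with_header(hdr, piece, w))
    return frags

def reassemble(frags: List[bytes]) -> bytes:
    """Reassemble one complete datagram. The evil bit is turned back on if any
    fragment carried it; under the strict RFC rule with no dangerous fragment
    the reassembler has nothing to go on and the bit is lost."""
    if len({f[4:6] for f in frags}) != 1:
        raise ValueError("fragments belong to different datagrams")
    frags = sorted(frags, key=lambda f: flags_offset_word(f) & OFFSET_MASK)
    expected = 0
    for f in frags:
        if (flags_offset_word(f) & OFFSET_MASK) * 8 != expected:
            raise ValueError("gap or overlap in fragment offsets")
        expected += len(f) - 20
    if flags_offset_word(frags[-1]) & MORE_FRAGMENTS:
        raise ValueError("last fragment missing")
    payload = b"".join(f[20:] for f in frags)
    return _with_header(frags[0], payload, EVIL_BIT if any(map(is_evil, frags)) else 0)
```

Running `fragment` on a 64-byte evil datagram with an MTU of 44 gives three fragments; with no classifier all three carry the bit and `reassemble` returns the original datagram byte for byte. With a classifier that calls every fragment harmless, the bit is cleared on each fragment and reassembly cannot restore it, which is precisely the gap the quoted message points at: the RFC tells the reassembler to turn the bit back on but gives it no way to learn that it should.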


