[24503] in bugtraq
Re: Commercial stack fragility (Was RE: Cert Advisory 2002-03 and HP JetDirect)
daemon@ATHENA.MIT.EDU (Andrew M Hoerter)
Fri Mar 1 18:31:50 2002
Date: Fri, 1 Mar 2002 13:38:35 -0500
From: Andrew M Hoerter <amh@POBOX.COM>
To: "Brewis, Mark" <mark.brewis@eds.com>
Cc: "'Joshua Newton'" <babyswan@comcast.net>, bugtraq@securityfocus.com
Message-ID: <20020301133835.A23105@valais.cristogrp.com>
In-Reply-To: <120097989CFFD1118B8C00805FFEE24607D6400A@GBWTM001>; from mark.brewis@eds.com on Wed, Feb 27, 2002 at 01:50:22PM -0000

On Wed, 27 February 2002 A.D., Brewis, Mark wrote:
> Quite often these are commercial, off the peg TCP/IP stacks. I have seen
> some dreadful examples, both in terms of fragility and of TCP sequence
> number generation. I've seen sequential, sequential based on standard
> increments, and repeating sequences.
>
> [...]
>
> Compromise a network via the printers and you will have a network manager's
> attention. The only problem lies in the paucity of solutions available to
> correct the issue.

Although it won't guard against attacks from within, one excellent
solution to this problem is an appropriately designed firewall. The
latest release of OpenBSD[1] contains a new packet filter (`pf') which
can help protect buggy TCP stacks. Two features will be of interest:

* The 'modulate state' directive, which causes a highly random initial
  sequence number to be substituted for those supplied by a less
  vigilant stack.

* The 'scrub' directive, which causes full fragment reassembly and
  other packet normalization to take place before delivery to possibly
  fragile stacks.

[1] http://www.openbsd.org/

--
"Everyone may openly covet everyone else's property, as long as he
appeals to democracy; and everyone may act on his desire for another
man's property, provided that he finds entrance into government."
-- Hans-Hermann Hoppe
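
The idea behind 'modulate state' in the message above, as an added example that is not part of the original post and is not pf's code: a simplified Python model in which a stateful filter picks a random ISN per connection and keeps a fixed offset to translate sequence numbers outbound and acknowledgement numbers inbound. All class and function names and the sample ISNs are constructed for illustration.

```python
import secrets

MOD = 2 ** 32  # TCP sequence numbers are 32-bit and wrap around


class ModulatedState:
    """One tracked connection: a fixed random offset hides the inner host's ISN."""

    def __init__(self, inner_isn):
        # Pick the ISN the outside will see from a CSPRNG, then remember the
        # difference so every later segment is translated consistently.
        self.outer_isn = secrets.randbelow(MOD)
        self.offset = (self.outer_isn - inner_isn) % MOD

    def outbound_seq(self, seq):
        """Rewrite a sequence number sent by the protected host."""
        return (seq + self.offset) % MOD

    def inbound_ack(self, ack):
        """Rewrite an acknowledgement number arriving from the remote peer."""
        return (ack - self.offset) % MOD


def weak_stack_isns(start, step, count):
    """Constructed sample: ISNs from a stack that uses a fixed increment."""
    return [(start + i * step) % MOD for i in range(count)]


def modulate_connections(inner_isns):
    """Create one state per connection; return (states, ISNs seen outside)."""
    states = [ModulatedState(isn) for isn in inner_isns]
    return states, [s.outer_isn for s in states]


def deltas(isns):
    """Differences between consecutive ISNs, modulo 2**32."""
    return [(b - a) % MOD for a, b in zip(isns, isns[1:])]


if __name__ == "__main__":
    # Start near the top of the range so the sample also exercises wraparound.
    inner = weak_stack_isns(start=0xFFFF0000, step=64000, count=6)
    states, outer = modulate_connections(inner)
    print("inner deltas:", deltas(inner))  # constant step: predictable
    print("outer deltas:", deltas(outer))  # no relation between connections
    # The peer acknowledges outer_isn + 1; the inner host must see inner + 1.
    ack = (states[0].outer_isn + 1) % MOD
    print("translated ack:", states[0].inbound_ack(ack), "expected:", inner[0] + 1)
```
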