[3542] in bugtraq


Re: Suspicion about denial of service attacks possible on IP.

daemon@ATHENA.MIT.EDU (J.R.Valverde (jr))
Tue Oct 22 13:49:25 1996

Date: 	Tue, 22 Oct 1996 13:03:56 WET
Reply-To: "J.R.Valverde (jr)" <jrvalverde@samba.cnb.uam.es>
From: "J.R.Valverde (jr)" <jrvalverde@samba.cnb.uam.es>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@NETSPACE.ORG>

Correct me if I'm wrong, but out of one corner of my head I seem to
remember that there is a maximum number of pieces you can maintain,
and that when it is filled, the system drops incomplete packets
according to some algorithm or another (LRU, timeout, or something
similar).

Guess I should restore some old mind-backup to refresh my memory.

Yup... ...  ...   ...   . . .

BSD 4.4-Lite:

>/*
> * IP timer processing;
> * if a timer expires on a reassembly
> * queue, discard it.
> */
>void
>ip_slowtimo()
>{
>...   ...

        So, on BSD you add fragments to a reassembly queue, which has
a lifetime, and when this time expires, the fragments go to the bit
bucket. The function is hooked into a protosw table, to be called on
slow timeouts (500 ms, modifiable through PR_SLOWHZ).

        Hence, I suppose there could possibly be a DoS attack, but you
would need to flush the host machine fast enough...

                                jr
