[3547] in bugtraq
Re: Suspicion about denial of service attacks possible on IP.
daemon@ATHENA.MIT.EDU (Jon Lewis)
Tue Oct 22 14:12:28 1996
Date: Tue, 22 Oct 1996 08:49:10 -0400
Reply-To: Jon Lewis <jlewis@inorganic5.fdt.net>
From: Jon Lewis <jlewis@inorganic5.fdt.net>
X-To: Henrik P Johnson <hpj@one.se>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@netspace.org>
In-Reply-To: <Pine.HPP.3.95.961021181919.1137F-100000@tide.one.se>
On Mon, 21 Oct 1996, Henrik P Johnson wrote:
> I was idly reading through Internetworking with TCP/IP yesterday when it hit me
> what might be a possible denial of service attack on IP stacks. What would
> happen if a host was bombarded with faked fragments of large IP packages. Would
> the stack allocate more and more memory trying to reconstruct the packages or
> do they operate with a fixed/max size limit on memory allocated for IP
> defragmentation?
This happened a few months ago to our IRC server. I don't remember if it
was linux 1.2.x or 2.0.x at the time. The result was the system basically
ran out of memory and became unusable for several minutes. Eventually, it
did fully recover without a reboot.
------------------------------------------------------------------
Jon Lewis <jlewis@fdt.net> | Unsolicited commercial e-mail will
Network Administrator | be proof-read for $199/hr.
________Finger jlewis@inorganic5.fdt.net for PGP public key_______
