[5640] in bugtraq


Re: Linux IP fragment overlap bug

daemon@ATHENA.MIT.EDU (Morbid Dead Guy)
Mon Nov 17 13:28:02 1997

Date: 	Sun, 16 Nov 1997 14:29:40 -0500
Reply-To: Morbid Dead Guy <bingm@STREAM.CSIS.GVSU.EDU>
From: Morbid Dead Guy <bingm@STREAM.CSIS.GVSU.EDU>
X-To:         David LeBlanc <dleblanc@MINDSPRING.COM>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To:  <3.0.3.32.19971114225231.00adb7c0@mindspring.com>

> It may be the previous icmp-fix (ssping) that fixes the problem.  Oddly
> enough, NT with no patches at all isn't vulnerable to this.  I haven't
> quite sorted out exactly where the problem starts and stops, but I do know
> no patches and full patches aren't bothered by it.

This may not be completely true. I've reproduced the attack against an NT
Server 4.0 without any patches. I expected a blue-screen à la OOB attack,
but instead the machine just locked. On two different Linux machines
(2.0.0 and 2.0.31), the attack caused a reboot.

      -matt-

       http://rainbow.csis.gvsu.edu/electric
        pgp:finger bingm@bass.csis.gvsu.edu
            mailto:bingm@csis.gvsu.edu
