[9390] in bugtraq
Re: More oshare testing.
daemon@ATHENA.MIT.EDU (Cristiano Lincoln Mattos)
Fri Feb 5 14:51:18 1999
Date: Fri, 5 Feb 1999 12:45:08 -0200
Reply-To: Cristiano Lincoln Mattos <lincoln@HOTLINK.COM.BR>
From: Cristiano Lincoln Mattos <lincoln@HOTLINK.COM.BR>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <Pine.BSI.3.91.990203232431.10689D-100000@chesapeake.net>
The routers that would drop the packet based on the 1.1.1.1 src
address are the ones that have anti-ip-spoofing ACLs installed, which
(unfortunately) not all have. Since the oshare packets have invalid
checksums for the IP header, that is a more concrete reason why routers
drop them (in all my tests), obeying the Router requirements
RFC. Routers tested: Cisco, Ascend, and Linux 2.0.36 with ip-forwarding.
Cristiano Lincoln Mattos Recife / Brazil
On Wed, 3 Feb 1999, Jeff Roberson wrote:
> The ethernet adapter is on a completely different layer from IP, so I
> doubt the netcard has much to do with the attack. Also, I notice in the
> original email, the author claims that the attack won't work if you're not
> on the same segment. This is simply because the packet's source address is
> 1.1.1.1, so most routers will drop this packet. Finally, could
> people be more specific when they post about crashes? By this I mean,
> what patches they have installed, what network protocols/services/and
> adapters they have? This information might be useful in understanding
> who this bug really affects.
>
> Jeff
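
Added example, not part of the original posts: a small Python model of the two drop reasons discussed in this thread, the IP header checksum verification that the Router Requirements RFC (RFC 1812) asks of a forwarding router, and an ingress anti-spoofing filter that only some routers have. The header fields, the 198.51.100.0/24 ingress prefix and all function names are constructed for illustration.

```python
import ipaddress
import struct

def ip_checksum(header: bytes) -> int:
    """RFC 1071 one's-complement sum over the header's 16-bit words."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_header(src: str, dst: str, checksum=None) -> bytes:
    """Constructed 20-byte IPv4 header; checksum=None fills in the correct value."""
    fields = [0x45, 0, 40, 0x1234, 0, 64, 6, 0,
              ipaddress.IPv4Address(src).packed,
              ipaddress.IPv4Address(dst).packed]
    fmt = "!BBHHHBBH4s4s"
    if checksum is None:
        checksum = ip_checksum(struct.pack(fmt, *fields))
    fields[7] = checksum
    return struct.pack(fmt, *fields)

def forward_decision(packet: bytes, ingress_prefix: str, antispoof_acl: bool) -> str:
    """Return 'forward' or the reason this model router drops the packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "drop: not a valid IPv4 header"
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl:
        return "drop: bad header length"
    # A header carrying a correct checksum field sums to zero.
    if ip_checksum(packet[:ihl]) != 0:
        return "drop: bad IP header checksum"
    # Source filtering only happens where the operator configured it.
    src = ipaddress.IPv4Address(packet[12:16])
    if antispoof_acl and src not in ipaddress.ip_network(ingress_prefix):
        return "drop: source outside ingress prefix"
    return "forward"

if __name__ == "__main__":
    prefix = "198.51.100.0/24"  # constructed ingress network
    good = build_header("1.1.1.1", "192.0.2.10")
    bad = build_header("1.1.1.1", "192.0.2.10", checksum=0)  # wrong on purpose
    for name, pkt in (("valid checksum", good), ("invalid checksum", bad)):
        for acl in (False, True):
            print(name, "| anti-spoof ACL:", acl, "->",
                  forward_decision(pkt, prefix, acl))
```

The checksum test runs on every router in this model, so the header with the wrong checksum is dropped whether or not the ACL is present, while the 1.1.1.1 source is only caught where the ACL exists.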