[15072] in bugtraq
Addendum: Analysis of jolt2.c (MS00-029)
daemon@ATHENA.MIT.EDU (Mikael Olsson)
Fri May 26 14:58:15 2000
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Message-Id: <392E79AE.AC3965DE@enternet.se>
Date: Fri, 26 May 2000 15:18:38 +0200
Reply-To: Mikael Olsson <mikael.olsson@ENTERNET.SE>
From: Mikael Olsson <mikael.olsson@ENTERNET.SE>
X-To: bugtraq@securityfocus.com
To: BUGTRAQ@SECURITYFOCUS.COM
-----------------------------------------------------------------
Subject: Addendum to Analysis of jolt2.c
Date: 2000-05-26
Author: Mikael Olsson, EnterNet Sweden <mikael.olsson@enternet.se>
------------------------------------------------------------------
I failed to mention proxy based firewalls in the discussion on
wether firewalls will protect against this attack or not.
Fact 1: A proxy firewall will NOT pass this attack pattern to
the protected network.
Fact 2: If the proxy firewall is running on a vulnerable OS and
doesn't have its own network layer code (relies on the MS stack),
the attack will DoS the firewall itself.
The fact of the matter is, any type firewall that runs on top
of Win9x/NT that doesn't have its own network layer code is
vulnerable to this attack.
I will _not_ speculate on which Windows based firewalls are
vulnerable or not.
--
Mikael Olsson, EnterNet Sweden AB, Box 393, SE-891 28 VRNSKVLDSVIK
Phone: +46-(0)660-29 92 00 Fax: +46-(0)660-122 50
Mobile: +46-(0)70-66 77 636
WWW: http://www.enternet.se E-mail: mikael.olsson@enternet.se
