[38791] in bugtraq
TCP/IP implementations do not adequately validate ICMP error messages
daemon@ATHENA.MIT.EDU (Alok Menghrajani - Ilion Security )
Tue May 10 16:24:35 2005
Message-ID: <4280CA6D.20602@ilionsecurity.ch>
Date: Tue, 10 May 2005 16:51:25 +0200
From: Alok Menghrajani - Ilion Security SA <alok@ilionsecurity.ch>
MIME-Version: 1.0
To: bugtraq@securityfocus.com
In-Reply-To: <1115211050.27412.ezmlm@securityfocus.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 8bit
Hi,
I was playing around with the ICMP error messages DOS attack (I found an
exploit on securityfocus.org bid 13214), and I noticed the following
work around:
when I add the following rule to iptables, the linux server (Kernel
2.4.29-grsec) is no longer vulnerable to the DOS:
iptables -I INPUT 1 -p icmp -j DROP
I am interested in knowing if this work around makes any sense. Please
keep me informed about this vulnerability.
Thank you,
Alok.
--
ILION Security S.A.
Network Audit by Ethical Hacking
M. Alok Menghrajani
alok@ilionsecurity.ch
http://www.ilionsecurity.ch
36, av. Cardinal-Mermillod
CH-1227 Carouge/GE
Tél.: +41 22 343 99 33
Mob.: +41 78 740 88 97
Fax: +41 22 343 99 34
