[prev in list] [next in list] [prev in thread] [next in thread] 

List:       bugtraq
Subject:    Re: Suspicion denied
From:       Nathan Lawson <nlawson () kdat ! csc ! calpoly ! edu>
Date:       1996-10-22 7:47:09
[Download RAW message or body]

Henrik said:
> I was idly reading through Internetworking with TCP/IP yesterday when it
> hit me what might be a possible denial of service attack on IP stacks. What
> would happen if a host was bombarded with faked fragments of large IP
> packages. Would
> the stack allocate more and more memory trying to reconstruct the packages or
> do they operate with a fixed/max size limit on memory allocated for IP
> defragmentation?

No.  At the very least, ip_drain() is called when the kernel needs more memory
and its first task is to drop all fragments.

General request:  Please desist with the silly ping ramblings.

--
Nate Lawson                  "There are a thousand hacking at the branches of
CPE Senior                    evil to one who is striking at the root."
CSL Admin                              -- Henry David Thoreau, 'Walden', 1854

[prev in list] [next in list] [prev in thread] [next in thread]