[prev in list] [next in list] [prev in thread] [next in thread]
List: bugtraq
Subject: Re: Suspicion about denial of service attacks possible on IP.
From: Darren Reed <avalon () coombs ! anu ! edu ! au>
Date: 1996-10-23 7:45:57
[Download RAW message or body]
In some mail from Henrik P Johnson, sie said:
>
> I was idly reading through Internetworking with TCP/IP yesterday when it hit me
> what might be a possible denial of service attack on IP stacks. What would
> happen if a host was bombarded with faked fragments of large IP packages. Would
> the stack allocate more and more memory trying to reconstruct the packages or
> do they operate with a fixed/max size limit on memory allocated for IP
> defragmentation?
It is possible, but it requires a lot of packets.
Different boxes handle it differently too.
When I tried it against my SunOS4 box, it didn't crash, but X-Windows could
not be used after it ran out of mbufs.
There's a bug in how overlapping mbufs are freed in BSD code upto
4.4BSD-Lite/2 (I believe) - that or it never got merged with FreeBSD 2.1.5.
(Patch for this is included with IP Filter ;) For FreeBSD, it seems that
the result is that it never frees the mbuf...
Darren
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic