[prev in list] [next in list] [prev in thread] [next in thread] 

List:       bugtraq
Subject:    Re: Suspicion about denial of service attacks possible on IP.
From:       Darren Reed <avalon () coombs ! anu ! edu ! au>
Date:       1996-10-23 7:45:57
[Download RAW message or body]

In some mail from Henrik P Johnson, sie said:
>
> I was idly reading through Internetworking with TCP/IP yesterday when it hit me
> what might be a possible denial of service attack on IP stacks. What would
> happen if a host was bombarded with faked fragments of large IP packages. Would
> the stack allocate more and more memory trying to reconstruct the packages or
> do they operate with a fixed/max size limit on memory allocated for IP
> defragmentation?

It is possible, but it requires a lot of packets.

Different boxes handle it differently too.

When I tried it against my SunOS4 box, it didn't crash, but X-Windows could
not be used after it ran out of mbufs.

There's a bug in how overlapping mbufs are freed in BSD code upto
4.4BSD-Lite/2 (I believe) - that or it never got merged with FreeBSD 2.1.5.
(Patch for this is included with IP Filter ;)  For FreeBSD, it seems that
the result is that it never frees the mbuf...

Darren

[prev in list] [next in list] [prev in thread] [next in thread]