Bugtraq mailing list archives

Re: Linux 2.0.33 vulnerability: oversized packets
From: jlewis () inorganic5 fdt net (Jon Lewis)
Date: Tue, 21 Apr 1998 01:34:52 -0400

On Fri, 17 Apr 1998, Michal Zalewski wrote:

> I'm not sure if it's known, but I haven't found anything about it.
> No matter, there's something strange in net/ipv4/ip_fragment.h (it's
> probably Alan's fault):
>
>         printk("Oversized IP packet from %s.\n", in_ntoa(qp->iph->saddr));

Actually, I think I have to take credit for that.  I don't remember if the
original (Alan's) patch printk'd at all (I don't think it did)...but I
know I was the one who wanted to see claimed source addresses.  Believe it
or not, I caught one of our own users trying to crash our mail server
about an hour after adding the fix with the printk.  Can you say luserdel?

Rather than use NETDEBUG to totally disable the printk, I think it might
be more useful to put in some code to limit frequency of reporting...sort
of like Solar Designer's secure-linux patch's security_alert() function

 Jon Lewis <jlewis () fdt net>  |
 Network Administrator       |
 Florida Digital Turnpike    |
______http://inorganic5.fdt.net/~jlewis/pgp for PGP public key____
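
Added example, not part of the original post and not code from either patch mentioned in it: a user-space sketch of limiting how often the oversized-packet message is reported, so a flood of such packets cannot fill the log while the source address is still recorded. The names alert_limit and limited_alert, the limit of 5 reports per 60 seconds, and the sample address are assumptions made for illustration.

```c
#include <stdio.h>
#include <time.h>

/* Hypothetical limiter state: at most `burst` reports per `window` seconds. */
struct alert_limit {
    time_t window_start;    /* start of the current window */
    unsigned window;        /* window length in seconds */
    unsigned burst;         /* reports allowed per window */
    unsigned count;         /* reports emitted in this window */
    unsigned long dropped;  /* reports suppressed in this window */
};

/* Returns 1 if the message was written, 0 if it was suppressed. */
static int limited_alert(struct alert_limit *l, time_t now, FILE *out,
                         const char *msg, const char *src)
{
    if (now - l->window_start >= (time_t)l->window) {
        /* New window: summarise what was suppressed so the flood is
           still visible in the log, just not line by line. */
        if (l->dropped)
            fprintf(out, "(%lu similar messages suppressed)\n", l->dropped);
        l->window_start = now;
        l->count = 0;
        l->dropped = 0;
    }
    if (l->count < l->burst) {
        l->count++;
        fprintf(out, "%s from %s.\n", msg, src);
        return 1;
    }
    l->dropped++;
    return 0;
}

/* Constructed scenario: 1000 reports in second 0, one more at second 60.
   Returns the number of message lines actually written. */
static int demo(void)
{
    struct alert_limit l = { 0, 60, 5, 0, 0 };
    int logged = 0;
    for (int i = 0; i < 1000; i++)
        logged += limited_alert(&l, 0, stderr, "Oversized IP packet", "192.0.2.1");
    logged += limited_alert(&l, 60, stderr, "Oversized IP packet", "192.0.2.1");
    return logged;
}

int main(void) { printf("%d lines logged\n", demo()); return 0; }
```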
