Bugtraq: Re: BindView Security Advisory: SSR Denial of Service

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

Re: BindView Security Advisory: SSR Denial of Service

From: alan () LXORGUK UKUU ORG UK (Alan Cox)
Date: Thu, 25 Nov 1999 01:13:22 +0000

The danger in this problem arises from the fact that many perimeter defenses
(firewalls) permit ICMP through, which means that remote, anonymous
attackers


Note that perimiter firewalls that don't let some ICMP through are broken
(If anyone from certain large search/net companies beginning with A and Y are
listening....). With return ICMP must fragment messages blocked the host
isnt properly accessible (in many cases not accessible at all) over lower
MTU paths like secure tunnels, groups of machines behind low mtu ppp links
etc.

A perimiter firewall can (and probably should) do stateful checking of the
ICMPs perhaps with rate limiting too.

Alan

By Date By Thread

Current thread:

Oracle Web Listener, (continued)