Re: Commercial stack fragility (Was RE: Cert Advisory 2002-03 and HP JetDirect)
From: Andrew M Hoerter <amh () POBOX COM>
Date: Fri, 1 Mar 2002 13:38:35 -0500
On Wed, 27 February 2002 A.D., Brewis, Mark wrote:
> Quite often these are commercial, off the peg TCP/IP stacks. I have seen
> some dreadful examples, both in terms of fragility and of TCP sequence
> number generation. I've seen sequential, sequential based on standard
> increments, and repeating sequences.
>
> Compromise a network via the printers and you will have a network manager's
> attention. The only problem lies in the paucity of solutions available to
> correct the issue.
Although it won't guard against attacks from within, one excellent
solution to this problem is an appropriately designed firewall. The
latest release of OpenBSD contains a new packet filter (`pf') which
can help protect buggy TCP stacks. Two features will be of interest:
* The 'modulate state' directive, which causes a highly random initial
sequence number to be substituted for those supplied by a less
* The 'scrub' directive, which causes full fragment reassembly and
other packet normalization to take place before delivery to possibly
"Everyone may openly covet everyone else's property, as long as he
appeals to democracy; and everyone may act on his desire for another
man's property, provided that he finds entrance into government."
-- Hans-Hermann Hoppe
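
The sequence-number substitution described in the message above can be modelled in a few lines. This is an added example, not part of the original post and not pf's own code: a stateful filter picks a random public ISN per connection and applies the resulting offset in both directions. The class and function names, the addresses, and the fixed-increment "weak stack" are constructed for illustration.

```python
import secrets

MOD = 2**32  # TCP sequence numbers are 32-bit and wrap around


class SeqModulator:
    """Simplified model of ISN modulation at a stateful filter."""

    def __init__(self):
        self.offsets = {}  # connection 4-tuple -> per-connection offset

    def on_isn(self, conn, host_isn):
        """First segment carrying the protected host's ISN (SYN or SYN-ACK)."""
        public_isn = secrets.randbits(32)
        self.offsets[conn] = (public_isn - host_isn) % MOD
        return public_isn

    def to_outside(self, conn, seq):
        """Rewrite a sequence number sent by the protected host."""
        return (seq + self.offsets[conn]) % MOD

    def to_host(self, conn, ack):
        """Rewrite an acknowledgement number arriving for the protected host."""
        return (ack - self.offsets[conn]) % MOD


def weak_isns(start, step, count):
    """Constructed stand-in for a stack that uses fixed-increment ISNs."""
    return [(start + i * step) % MOD for i in range(count)]


def deltas(values):
    """Differences between consecutive values, modulo 2**32."""
    return [(b - a) % MOD for a, b in zip(values, values[1:])]


def demo():
    fw = SeqModulator()
    # Constructed sample: six connections to a printer port, ISNs wrap past 2**32.
    host = weak_isns(start=4294900000, step=64000, count=6)
    conns = [("192.0.2.10", 9100, "198.51.100.5", 40000 + i) for i in range(6)]
    public = [fw.on_isn(c, isn) for c, isn in zip(conns, host)]
    # The peer acknowledges public ISN + 1; the host must see its own ISN + 1.
    acks = [fw.to_host(c, (p + 1) % MOD) for c, p in zip(conns, public)]
    return host, public, acks
```

`deltas(host)` is the constant 64000 an outside observer would otherwise measure, while `deltas(public)` is what is visible once the filter has rewritten the ISNs.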