Home page logo

bugtraq logo Bugtraq mailing list archives

Re: Commercial stack fragility (Was RE: Cert Advisory 2002-03 and HP JetDirect)
From: Andrew M Hoerter <amh () POBOX COM>
Date: Fri, 1 Mar 2002 13:38:35 -0500

On Wed, 27 February 2002 A.D., Brewis, Mark wrote:

Quite often these are commercial, off the peg TCP/IP stacks.  I have seen
some dreadful examples, both in terms of fragility and of TCP sequence
number generation.  I've seen sequential, sequential based on standard
increments, and repeating sequences.


Compromise a network via the printers and you will have a network managers
attention.  The only problem lies in the paucity of solutions available to
correct the issue.

Although it won't guard against attacks from within, one excellent
solution to this problem is an appropriately designed firewall.  The
latest release of OpenBSD[1] contains a new packet filter (`pf') which 
can help protect buggy TCP stacks.  Two features will be of interest:

*  The 'modulate state' directive, which causes a highly random initial
   sequence number to be substituted for those supplied by a less
   vigilant stack.

*  The 'scrub' directive, which causes full fragment reassembly and 
   other packet normalization to take place before delivery to possibly
   fragile stacks.

[1] http://www.openbsd.org/

"Everyone may openly covet everyone else's property, as long as he 
appeals to democracy; and everyone may act on his desire for another 
man's property, provided that he finds entrance into government."
       -- Hans-Hermann Hoppe

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]