Home page logo

bugtraq logo Bugtraq mailing list archives

TCP/IP implementations do not adequately validate ICMP error messages
From: Alok Menghrajani - Ilion Security SA <alok () ilionsecurity ch>
Date: Tue, 10 May 2005 16:51:25 +0200


I was playing around with the ICMP error messages DOS attack (I found an exploit on securityfocus.org bid 13214), and I noticed the following work around:

when I add the following rule to iptables, the linux server (Kernel 2.4.29-grsec) is no longer vulnerable to the DOS:
iptables -I INPUT 1 -p icmp -j DROP

I am interested in knowing if this work around makes any sense. Please keep me informed about this vulnerability.

Thank you,

ILION Security S.A.
Network Audit by Ethical Hacking

M. Alok Menghrajani
alok () ilionsecurity ch

36, av. Cardinal-Mermillod
CH-1227 Carouge/GE
Tél.: +41 22 343 99 33
Mob.: +41 78 740 88 97
Fax:  +41 22 343 99 34

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]