Bugtraq: TCP/IP implementations do not adequately validate ICMP error messages

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

TCP/IP implementations do not adequately validate ICMP error messages

From: Alok Menghrajani - Ilion Security SA <alok () ilionsecurity ch>
Date: Tue, 10 May 2005 16:51:25 +0200

Hi,

I was playing around with the ICMP error messages DOS attack (I found anexploit on securityfocus.org bid 13214), and I noticed the followingwork around:

when I add the following rule to iptables, the linux server (Kernel2.4.29-grsec) is no longer vulnerable to the DOS:

iptables -I INPUT 1 -p icmp -j DROP

I am interested in knowing if this work around makes any sense. Pleasekeep me informed about this vulnerability.


Thank you,
Alok.

--
ILION Security S.A.
Network Audit by Ethical Hacking

M. Alok Menghrajani
alok () ilionsecurity ch

http://www.ilionsecurity.ch
36, av. Cardinal-Mermillod
CH-1227 Carouge/GE
Tél.: +41 22 343 99 33
Mob.: +41 78 740 88 97
Fax:  +41 22 343 99 34

By Date By Thread

Current thread:

TCP/IP implementations do not adequately validate ICMP error messages Alok Menghrajani - Ilion Security SA (May 10)
- Re: TCP/IP implementations do not adequately validate ICMP error messages Peter Keel (May 11)
- Re: TCP/IP implementations do not adequately validate ICMP error messages Maciej Soltysiak (May 11)
- Re: SPAM-HIGH: TCP/IP implementations do not adequately validate ICMP error messages David Nichols (May 11)
- RE: TCP/IP implementations do not adequately validate ICMP error messages David Schwartz (May 11)