Home page logo

bugtraq logo Bugtraq mailing list archives

RE: TCP/IP implementations do not adequately validate ICMP error messages
From: "David Schwartz" <davids () webmaster com>
Date: Tue, 10 May 2005 13:38:19 -0700

when I add the following rule to iptables, the linux server (Kernel
2.4.29-grsec) is no longer vulnerable to the DOS:
iptables -I INPUT 1 -p icmp -j DROP

I am interested in knowing if this work around makes any sense. Please
keep me informed about this vulnerability.

        This breaks PMTU detection. ICMP is a host requirement, it is not optional.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]