Firewall Wizards: RE: COmpare Firewalls

From: Joe Ippolito <joe_at_joesnet.com>
Date: Thu, 9 Sep 1999 07:48:33 -0700

I know that MS has addressed problems like "ping of death" to NT with
previous service packs; see
http://support.microsoft.com/support/kb/articles/Q132/4/70.asp for a really
old one. Does anyone out there know whether NT 4 SP5 (without MS Proxy's
packet filter) is still vulnerable to such attacks? Just curious.

-----Original Message-----
From: Darren Reed [mailto:darrenr_at_reed.wattle.id.au]
Sent: Thursday, September 09, 1999 5:16 AM
To: dwelch_at_best.com
Cc: joe_at_joesnet.com; firewall-wizards_at_nfr.net
Subject: Re: COmpare Firewalls

In some email I received from Dameon D. Welch, sie wrote:
>
> An application layer filter can not protect your OS against certain DOS
> attacks such as a Ping of Death. A ping of death causes problems at the
> IP stack, which an application can not effectively protect. An application
> can filter based on IP addresses, but it's more like an access list for
> the application (like TCP Wrappers) versus kernel-level packet filtering.

Is this just ignorance or what? Well, I guess it depends on _what_ you
consider as being "protected" here. If you want to include the firewall
itself, then if it just does application proxying, sure, it may die from
the Ping of Death. But unless their product is a total piece of garbage,
whatever is behind it should be immune to the Ping of Death. (When I say
garbage, I'm implying that they must have an ICMP relay program that not
only receives a PoD without dying but creates one itself, which I would
consider rather extraordinary for a firewall to do).

FWIW, the application proxy should be able to do filtering on things like
source routing (socket options), bad source addresses/port numbers - other
nasty packets such as those fragmented inside the TCP header aren't going
to be a worry because they need to be reassembled by the proxy firewall
and will be treated as a whole by the firewall and not resent on as those
nastygrams.

Darren
Received on Sep 09 1999
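
The thread contrasts application-level filtering with kernel-level packet filtering for the Ping of Death. As an added example (not part of either message, and not code from any product mentioned), this is the per-fragment check a packet filter or IP stack can apply before reassembly: drop any fragment whose offset plus length would push the reassembled datagram past the 65535-byte IPv4 limit. The names check_fragment, make_pkt and the verdict values are hypothetical, and the sample packets are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum verdict { PASS, DROP_MALFORMED, DROP_OVERSIZE };   /* hypothetical names */
#define IP_MAX_DATAGRAM 65535u   /* limit of the 16-bit Total Length field */

/* Judge one IPv4 packet (pkt points at the IP header) before reassembly. */
enum verdict check_fragment(const uint8_t *pkt, size_t len)
{
    if (len < 20 || (pkt[0] >> 4) != 4)
        return DROP_MALFORMED;
    uint32_t ihl   = (uint32_t)(pkt[0] & 0x0f) * 4;        /* header bytes */
    uint32_t total = ((uint32_t)pkt[2] << 8) | pkt[3];     /* header + payload */
    if (ihl < 20 || total < ihl || total > len)
        return DROP_MALFORMED;
    uint32_t frag    = ((uint32_t)pkt[6] << 8) | pkt[7];
    uint32_t offset  = (frag & 0x1fff) * 8;                /* 13-bit field, 8-byte units */
    uint32_t payload = total - ihl;
    /* Every fragment except the last must carry a multiple of 8 bytes. */
    if ((frag & 0x2000) && payload % 8 != 0)
        return DROP_MALFORMED;
    /* Where this fragment would end in the reassembled datagram. */
    if (ihl + offset + payload > IP_MAX_DATAGRAM)
        return DROP_OVERSIZE;
    return PASS;
}

/* Constructed sample: 20-byte header, zeroed payload; buf needs 20 + payload bytes. */
static size_t make_pkt(uint8_t *buf, uint16_t payload, uint16_t off8, int mf)
{
    uint16_t total = (uint16_t)(20 + payload);
    uint16_t frag  = (uint16_t)((off8 & 0x1fff) | (mf ? 0x2000 : 0));
    memset(buf, 0, total);
    buf[0] = 0x45;  buf[9] = 1;                            /* IPv4, IHL 5, ICMP */
    buf[2] = (uint8_t)(total >> 8);  buf[3] = (uint8_t)total;
    buf[6] = (uint8_t)(frag >> 8);   buf[7] = (uint8_t)frag;
    return total;
}

int main(void)
{
    uint8_t b[2048];
    size_t n = make_pkt(b, 1480, 0, 1);          /* ordinary first fragment */
    printf("first fragment: %d\n", check_fragment(b, n));
    n = make_pkt(b, 1480, 8100, 0);              /* would end at byte 66300 */
    printf("oversize tail:  %d\n", check_fragment(b, n));
    return 0;
}
```

The check needs no reassembly state, so it can run on every fragment as it arrives; a stack that only validates the length after copying fragments into a fixed buffer has already overflowed it.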
