Gents,
This is not only the question of ping of death. There is also a very
important issue of how this ping server/proxy validates that the
requests sent and received are truly genuine ICMP echo requests and
replies. Especially data in the data portion of the ICMP echo request
and reply, message length and other gizmos.
Ofir Arkin [ofir_at_sys-security.com]
Founder
The Sys-Security Group
http://www.sys-security.com
PGP CC2C BE53 12C6 C9F2 87B1 B8C6 0DFA CF2D D360 43FA
-----Original Message-----
From: firewall-wizards-admin_at_nfr.com
[mailto:firewall-wizards-admin_at_nfr.com] On Behalf Of Marcus J. Ranum
Sent: ג 09 אוקטובר 2001 17:24
To: Don Ng; firewall-wizards_at_nfr.com
Subject: Re: [fw-wiz] Borderware Ping Server
> Seems to be quite unique, is it a proxy server for
>ICMP echo request?
I believe that what it did was set a bpf filter for icmp packets, which
it
then proxied to the outside world and re-injected on the internal
network.
Kind of an interesting concept; I wonder if it would have adequately
protected
against a ping of death attack...
mjr.
---
Marcus J. Ranum Chief Technology Officer, NFR Security, Inc.
Work: http://www.nfr.com
Personal: http://www.ranum.com
_______________________________________________
firewall-wizards mailing list
firewall-wizards_at_nfr.com
http://list.nfr.com/mailman/listinfo/firewall-wizards
_______________________________________________
firewall-wizards mailing list
firewall-wizards_at_nfr.com
http://list.nfr.com/mailman/listinfo/firewall-wizards
Received on Oct 17 2001
Intro
