Firewall Wizards: Re: syslog and network management

From: Paul D. Robertson <paul_at_compuwar.net>
Date: Thu, 13 Mar 2008 13:11:28 -0500 (EST)

On Thu, 13 Mar 2008, Roel Jonkman wrote:

> All,
>
> UDP checksum is optional, if the checksum field is 0, there is no checksum.

While the implementations must support it being optional, the default is
to do it. Here are two references:

http://freesoft.org/CIE/RFC/1122/79.htm

A host MUST implement the facility to generate and validate UDP checksums.
An application MAY optionally be able to control whether a UDP checksum
will be generated, but it MUST default to checksumming on.

If a UDP datagram is received with a checksum that is non-zero and
invalid, UDP MUST silently discard the datagram. An application MAY
optionally be able to control whether UDP datagrams without checksums
should be discarded or passed to the application.

DISCUSSION:
Some applications that normally run only across local area networks have
chosen to turn off UDP checksums for efficiency. As a result, numerous
cases of undetected errors have been reported. The advisability of ever
turning off UDP checksumming is very controversial.

IMPLEMENTATION:
There is a common implementation error in UDP checksums. Unlike the TCP
checksum, the UDP checksum is optional; the value zero is transmitted in
the checksum field of a UDP header to indicate the absence of a checksum.
If the transmitter really calculates a UDP checksum of zero, it must
transmit the checksum as all 1's (65535). No special action is required at
the receiver, since zero and 65535 are equivalent in 1's complement
arithmetic.

Also-

ftp://ftp.rfc-editor.org/in-notes/internet-drafts/draft-ietf-syslog-transport-udp-12.txt

3.6. UDP Checksums

   Syslog senders MUST NOT disable UDP checksums. IPv4 syslog senders
   SHOULD use UDP checksums when sending messages. Note that RFC 2460
   [4] mandates the use of UDP checksums when sending UDP datagrams over
   IPv6.

   Syslog receivers MUST NOT disable UDP checksum checks. IPv4 syslog
   receivers SHOULD check UDP checksums and they SHOULD accept a syslog
   message with a zero checksum. Note that RFC 2460 [4] mandates the
   use of checksums for UDP over IPv6.

Paul
-----------------------------------------------------------------------------
Paul D. Robertson "My statements in this message are personal opinions
paul_at_compuwar.net which may have no basis whatsoever in fact."
             http://www.fluiditgroup.com/blog/pdr/
           Art: http://PaulDRobertson.imagekind.com/

_______________________________________________
firewall-wizards mailing list
firewall-wizards_at_listserv.icsalabs.com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards

Received on Mar 13 2008
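
Added example, not part of the original message: a Python sketch of the sender and receiver rules quoted above for UDP over IPv4 (zero field means no checksum, a computed zero is sent as 65535, a non-zero invalid checksum is discarded). The function names, the 192.0.2.x addresses and the syslog line are constructed for illustration.

```python
import socket
import struct

def ones_sum(data: bytes) -> int:
    """16-bit one's complement sum, odd length padded with a zero byte."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                      # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return total

def pseudo(src: str, dst: str, length: int) -> bytes:
    """IPv4 pseudo-header: source, destination, zero, protocol 17, UDP length."""
    return socket.inet_aton(src) + socket.inet_aton(dst) + struct.pack("!BBH", 0, 17, length)

def build_udp(src, dst, sport, dport, payload, checksum=True) -> bytes:
    length = 8 + len(payload)
    header = struct.pack("!HHHH", sport, dport, length, 0)
    if not checksum:
        return header + payload             # field 0 = "no checksum"
    csum = ~ones_sum(pseudo(src, dst, length) + header + payload) & 0xFFFF
    if csum == 0:
        csum = 0xFFFF                       # computed zero goes out as all 1's
    return struct.pack("!HHHH", sport, dport, length, csum) + payload

def receive_udp(src, dst, datagram, accept_unchecksummed=True):
    """Return the payload, or None when the datagram is silently discarded."""
    if len(datagram) < 8:
        return None
    length, csum = struct.unpack("!HH", datagram[4:8])
    if length != len(datagram):
        return None
    if csum == 0:                           # sender did not checksum
        return datagram[8:] if accept_unchecksummed else None
    if ones_sum(pseudo(src, dst, length) + datagram) != 0xFFFF:
        return None                         # non-zero and invalid: discard
    return datagram[8:]

def zero_checksum_payload(src, dst, sport, dport) -> bytes:
    """Constructed 2-byte payload whose computed checksum comes out as zero."""
    header = struct.pack("!HHHH", sport, dport, 10, 0)
    s = ones_sum(pseudo(src, dst, 10) + header + b"\x00\x00")
    return struct.pack("!H", ~s & 0xFFFF)

SRC, DST = "192.0.2.10", "192.0.2.20"       # constructed documentation addresses
MSG = b"<34>Mar 13 13:11:28 fw1 su: constructed sample"   # constructed syslog line
```

The accept_unchecksummed flag stands in for the optional application control RFC 1122 describes; a receiver following the syslog draft would leave it at True for IPv4.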
