|
Vulnerability Development
mailing list archives
Re: Packet Fragmentation Attacks
From: Mikael Olsson <mikael.olsson () ENTERNET SE>
Date: Fri, 25 Aug 2000 10:46:59 +0200
Max wrote:
[fragment flooding]
I recieve the following kernel message:
"Aug 24 10:10:43 orion /bsd: ne3: warning - reciever ring buffer
overrun".
This is a problem on the ethernet/driver level. If the receiver
ring buffer is full, the NIC is receiving packets from faster
than the CPU is despooling them; the result is plain and simple
packet loss.
There could be two causes for this:
1) Your CPU is plain too slow; get a faster one, otherwise
you'll always experience packet loss if someone is talking
to you too fast (fragments or no fragments).
2) The defragmentation routine is taking too much time; the result
would be that the CPU is too busy to despool packets in a
timely fashion. Maybe the reassembly could be optimized
a little bit, but in any case, I don't think it'd help much.
In either case, I wouldn't view this as a big problem. Packet
loss is part of normal network operation :)
--
Mikael Olsson, EnterNet Sweden AB, Box 393, S-891 28 ÖRNSKÖLDSVIK
Phone: +46 (0)660 29 92 00 Direct: +46 (0)660 29 92 05
Mobile: +46 (0)70 66 77 636 Fax: +46 (0)660 122 50
WWW: http://www.enternet.se/ E-mail: mikael.olsson () enternet se
 By Date 
By Thread
Current thread:
|
Intro
