RE: TCP/IP implementations do not adequately validate ICMP error messages

To: <bugtraq@xxxxxxxxxxxxxxxxx>
Subject: RE: TCP/IP implementations do not adequately validate ICMP error messages
From: "David Schwartz" <davids@xxxxxxxxxxxxx>
Date: Tue, 10 May 2005 13:38:19 -0700
Importance: Normal
In-reply-to: <4280CA6D.20602@xxxxxxxxxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
Reply-to: davids@xxxxxxxxxxxxx

> when I add the following rule to iptables, the linux server (Kernel
> 2.4.29-grsec) is no longer vulnerable to the DOS:
> iptables -I INPUT 1 -p icmp -j DROP
>
> I am interested in knowing if this work around makes any sense. Please
> keep me informed about this vulnerability.

        This breaks PMTU detection. ICMP is a host requirement, it is not 
optional.

        DS

References:
- TCP/IP implementations do not adequately validate ICMP error messages
  - From: Alok Menghrajani - Ilion Security SA

Prev by Date: Yappa-NG Multiple Vulnerabilities
Next by Date: [DR018] Quartz Composer / QuickTime 7 information leakage
Previous by thread: Re: SPAM-HIGH: TCP/IP implementations do not adequately validate ICMP error messages
Next by thread: Firefox Crash??
Index(es):
- Date
- Thread