BugTraq
Re: IPv4 fragmentation --> The Rose Attack Mar 31 2004 08:07PM
stanislav shalunov (shalunov internet2 edu) (1 replies)
<gandalf (at) digital (dot) net [email concealed]> writes:

> While this discussion pertains to IPv4, IPv6 also allows fragmentation and I
> suspect IPv6 will also be affected by this attack.

IPv6 does not have en-route fragmentation and, therefore, has no
reassembly. IPv6 is not affected.

Interesting attack. Various standards require behaviors that lead to
unlimited memory usage. For example, my netkill attack shows how to
cause a TCP stack to use all memory that is available to it. The Rose
attack doesn't even use TCP to achieve a similar effect.

A mitigating strategy would be to give the IPv4 reassembly code a
certain amount of memory and, when that memory is filled, drop random
packets that are being reassembled. The data structures used to hold
fragments must allow holding only those parts that have already
arrived. This would still allow attacks on the reassembly facility
itself (an attacker could keep the reassembly memory full and cause
the majority of legitimate fragmented packets to be dropped by the
receiver), but at least other parts of the stack and the OS would not
suffer.

--
Stanislav Shalunov http://www.internet2.edu/~shalunov/
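
The mitigation described in the message above, sketched as an added example (not code from the post or from any real IP stack): a fixed-budget reassembly pool that stores only the fragments that have arrived and drops randomly chosen partial datagrams when full. The class and method names, the 4096-byte budget and the documentation-range addresses are assumptions; overlap merging and reassembly timers are left out.

```python
import random

class ReassemblyPool:
    """Fixed-budget IPv4 reassembly store that keeps only fragments that arrived."""
    def __init__(self, budget_bytes, rng=None):
        self.budget = budget_bytes        # hard cap on buffered payload bytes
        self.used = 0
        self.dropped = 0                  # partial datagrams evicted under pressure
        self.pending = {}                 # key -> {"frags": {offset: bytes}, "total": int or None}
        self.rng = rng or random.Random()

    def _free(self, key):
        entry = self.pending.pop(key)
        self.used -= sum(len(d) for d in entry["frags"].values())

    def add(self, key, offset, data, more_fragments):
        """key = (src, dst, proto, ip_id). Returns the payload when complete, else None."""
        if not data or len(data) > self.budget:
            return None                   # empty, or can never fit: refuse
        if key in self.pending and offset in self.pending[key]["frags"]:
            return None                   # duplicate fragment: ignore
        # Pool full: drop randomly chosen partial datagrams until the fragment fits.
        while self.used + len(data) > self.budget:
            self._free(self.rng.choice(list(self.pending)))
            self.dropped += 1
        entry = self.pending.setdefault(key, {"frags": {}, "total": None})
        entry["frags"][offset] = data     # sparse: nothing is reserved for the gaps
        self.used += len(data)
        if not more_fragments:            # the last fragment fixes the total length
            entry["total"] = offset + len(data)
        return self._try_complete(key, entry)

    def _try_complete(self, key, entry):
        pos = 0
        for off in sorted(entry["frags"]):
            if off != pos:                # gap or overlap: not reassemblable yet
                return None
            pos += len(entry["frags"][off])
        if pos != entry["total"]:
            return None
        payload = b"".join(entry["frags"][o] for o in sorted(entry["frags"]))
        self._free(key)
        return payload

def demo():  # constructed traffic: 200 datagrams that never complete
    pool = ReassemblyPool(4096, random.Random(1))
    for ip_id in range(200):
        pool.add(("198.51.100.9", "192.0.2.2", 17, ip_id), 0, b"A" * 32, True)
    return pool.used, pool.dropped        # → (4096, 72)
```

Memory stays at the budget no matter how many incomplete datagrams arrive, but, as the message notes, a legitimate partial datagram can be among those evicted.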
