BugTraq
TCP/IP implementations do not adequately validate ICMP error messages May 10 2005 02:51PM
Alok Menghrajani - Ilion Security SA (alok ilionsecurity ch) (4 replies)
Re: TCP/IP implementations do not adequately validate ICMP error messages May 11 2005 08:05PM
Maciej Soltysiak (maciej soltysiak com)
Re: SPAM-HIGH: TCP/IP implementations do not adequately validate ICMP error messages May 11 2005 02:20PM
David Nichols (dnichols amci com)
Re: TCP/IP implementations do not adequately validate ICMP error messages May 11 2005 12:39PM
Peter Keel (security cyberlink ch)
RE: TCP/IP implementations do not adequately validate ICMP error messages May 10 2005 08:38PM
David Schwartz (davids webmaster com)

> when I add the following rule to iptables, the linux server (Kernel
> 2.4.29-grsec) is no longer vulnerable to the DOS:
> iptables -I INPUT 1 -p icmp -j DROP
>
> I am interested in knowing if this work around makes any sense. Please
> keep me informed about this vulnerability.

This breaks PMTU detection. ICMP is a host requirement, it is not optional.

DS

[ reply ]
 

Privacy Statement
Copyright 2010, SecurityFocus