BugTraq
Back to list
|
Post reply
Re: Re: Verified evasion in Snort
Feb 02 2006 10:11PM
anonpoet inconnu isu edu
(1 replies)
Re: Re: Verified evasion in Snort
Feb 03 2006 03:03PM
Dave Korn (davek_throwaway hotmail com)
anonpoet (at) inconnu.isu (dot) edu [email concealed] wrote:
> (Windows boxes don't seem to send out a frag time exceeded on
> anything other than the first fragment.)
That's what the host requirements RFC demands: see e.g.
http://www.rfc-editor.org/rfc/rfc1122.txt
----------------------quote----------------------
3.2.2 Internet Control Message Protocol -- ICMP
[ ... snip ... ]
An ICMP error message MUST NOT be sent as the result of
receiving:
[ ... snip ... ]
* a non-initial fragment, or
----------------------quote----------------------
cheers,
DaveK
--
Can't think of a witty .sigline today....
[ reply ]
Privacy Statement
Copyright 2010, SecurityFocus
> (Windows boxes don't seem to send out a frag time exceeded on
> anything other than the first fragment.)
That's what the host requirements RFC demands: see e.g.
http://www.rfc-editor.org/rfc/rfc1122.txt
----------------------quote----------------------
3.2.2 Internet Control Message Protocol -- ICMP
[ ... snip ... ]
An ICMP error message MUST NOT be sent as the result of
receiving:
[ ... snip ... ]
* a non-initial fragment, or
----------------------quote----------------------
cheers,
DaveK
--
Can't think of a witty .sigline today....
[ reply ]