BugTraq
Name:
Email:
*Note: Email address will appear as "user domain ext" to prevent harvesting.
Subject:
Message:
 
Linux zero IP ID vulnerability? Mar 14 2006 09:33AM
Marco Ivaldi (raptor 0xdeadbeef info)
Hello Bugtraq,

I've recently stumbled upon an interesting behaviour of some Linux kernels
that may be exploited by a remote attacker to abuse the ID field of IP
packets, effectively bypassing the zero IP ID in DF packets countermeasure
implemented since 2.4.8 (IIRC).

This is the correct behaviour:...

[ more ]  
 

Privacy Statement
Copyright 2010, SecurityFocus