[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [suse-security] New TCP-stack-exploit a hoax
>> Thats not what a asked. Assuming conn-track works fine and my
>> ip-filter decides to drop the package. When will this take place ?
>> Before defragmenting packet or with defragmented packets,. The
>> last case means such an exploit would work.
>Thats more than theoretical. If you do not know where the
>bug is (if there is one) then why making the assumption
>that part X is safe?
Simply because not the netfilter code was adressed to be buggy, but
the tcp "stack" implementaion.
>It will probably only put you into wrong feeling of security if such a
>bug really exists.
No, dont think so. That is why i asked that theoretical question which
is not answered until know. Will netfilter block such kind of packets when
a attacker tries to root my box ??? Or is a malicious packets handled
by the kernel before netfilter comes to inspect them ???
>Who tells that such a fragmented packet does not belong to a connection
>at all? :) If you have a public webserver I guess its easy to have
>packets for a tracked connection.
This is another possibility to get infected, but it doesnt affect e.g. vpn
>Anyway, its probably not necessary to discuss that if noone
>knows any details.
Dont think so. Its always good to talk about.
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here