[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [suse-security] New TCP-stack-exploit a hoax



>> Thats not what a asked. Assuming conn-track works fine and my
>> ip-filter decides to drop the package. When will this take place ?
>> Before defragmenting packet or with defragmented packets,. The
>> last case means such an exploit would work.
>Thats more than theoretical. If you do not know where the
>bug is (if there is one) then why making the assumption
>that part X is safe?

Simply because not the netfilter code was adressed to be buggy, but
the tcp "stack" implementaion.

>It will probably only put you into wrong feeling of security if such a
>bug really exists.

No, dont think so. That is why i asked that theoretical question which
is not answered until know. Will netfilter block such kind of packets when
a attacker tries to root my box ??? Or is a malicious packets handled
by the kernel before netfilter comes to inspect them ???

>Who tells that such a fragmented packet does not belong to a connection
>at all? :) If you have a public webserver I guess its easy to have
fragmented
>packets for a tracked connection.

This is another possibility to get infected, but it doesnt affect e.g. vpn
router.

>Anyway, its probably not necessary to discuss that if noone
>knows any details.

Dont think so. Its always good to talk about.

GTIF

Michael


-- 
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here