Date: Tue, 22 Oct 1996 18:29:21 -0700 (PDT) From: Steve Reid <steve@edmweb.com> To: security@freebsd.org Subject: [more bugtraq] Re: Suspicion about denial of service attacks possible on IP. (fwd) Message-ID: <Pine.BSF.3.91.961022182608.412A-100000@bitbucket.edmweb.com>
next in thread | raw e-mail | index | archive | help
Another from Bugtraq. Can anyone confirm or deny the last paragraph? For anyone who's interested, Bugtraq is archived at http://geek-girl.com/bugtraq/ ---------- Forwarded message ---------- Date: Wed, 23 Oct 1996 07:45:57 +1000 From: Darren Reed <avalon@coombs.anu.edu.au> To: Multiple recipients of list BUGTRAQ <BUGTRAQ@NETSPACE.ORG> Subject: Re: Suspicion about denial of service attacks possible on IP. In some mail from Henrik P Johnson, sie said: > > I was idly reading through Internetworking with TCP/IP yesterday when it hit me > what might be a possible denial of service attack on IP stacks. What would > happen if a host was bombarded with faked fragments of large IP packages. Would > the stack allocate more and more memory trying to reconstruct the packages or > do they operate with a fixed/max size limit on memory allocated for IP > defragmentation? It is possible, but it requires a lot of packets. Different boxes handle it differently too. When I tried it against my SunOS4 box, it didn't crash, but X-Windows could not be used after it ran out of mbufs. There's a bug in how overlapping mbufs are freed in BSD code upto 4.4BSD-Lite/2 (I believe) - that or it never got merged with FreeBSD 2.1.5. (Patch for this is included with IP Filter ;) For FreeBSD, it seems that the result is that it never frees the mbuf... Darren
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.91.961022182608.412A-100000>